CyberTalents | gнαZe

Menna Shaaban
Jul 29, 2022


Hello everyone, I hope by the grace of God everyone who is reading this blog post, and their families, are doing well.

Let's solve the web security challenge (gнαZe).

After going to the link I find a login page, so I try any credentials to test the site, but I get a “Wrong Credentials” message. So I view the source code and find this comment:
<!-- try admin:admin -->
So I try these credentials and get a “You Are Close !” message, so
I try Burp Suite and find something weird:

Cookie: admin=False
So I try to set it to True.

I don’t find anything in the HTML source, but it redirects me to a page called inSiDe.php,
so I try fuzzing this page with “ffuf” or any other tool like Arjun. I find a parameter called “src”; after sending this parameter, I get the source code.

From the first if condition:

I try adding the parameter “?flag=View” and find the first part of the flag:

Flag{Arju!n_

Second, I need 2 different cookies, named cc and kk. The values of these 2 are different and the md5 value is the same. How is this? Type juggling. You can find two values here:
https://github.com/spaze/hashes/blob/master/md5.md

Flag: Md5_ll_

Third, I find the is_numeric function, which finds whether a variable is a number or a numeric string. I need a numeric string whose length is between 4 and 1000.
You can find examples here: https://www.php.net/manual/en/function.is-numeric.php
and I use 7e7.

I find the third part:

Exp0oNential_Ar3_GOod_!}

Finally, the flag is:

Flag{Arju!n_Md5_ll_Exp0oNential_Ar3_GOod_!}
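
The two PHP behaviours behind the second and third parts, loose `==` on md5 digests and `is_numeric` accepting exponent notation, shown next to stricter checks. This is an added example, not the challenge's source code: the function names and the 3-character rule are assumptions made for illustration, and the two sample inputs are widely published "magic hash" strings of the kind listed at the link above.

```php
<?php
// Added example: constructed checks, not the challenge's real source.

// Weak: when both digests have the form "0e<digits>", PHP treats them as
// numeric strings and == compares them as floats (0 * 10^n on both sides).
function weak_md5_match(string $a, string $b): bool {
    return $a !== $b && md5($a) == md5($b);
}

// Hardened: compare the digests as strings, in constant time.
function strict_md5_match(string $a, string $b): bool {
    return $a !== $b && hash_equals(md5($a), md5($b));
}

// Weak (hypothetical rule): assumes "at most 3 characters" means "at most 999".
// is_numeric() also accepts exponent notation, so the assumption does not hold.
function weak_is_small_number(string $s): bool {
    return is_numeric($s) && strlen($s) <= 3;
}

// Hardened: allow decimal digits only, so the length really bounds the value.
function strict_is_small_number(string $s): bool {
    return preg_match('/^[0-9]{1,3}$/D', $s) === 1;
}

// Sample inputs (published magic-hash strings; both digests start with "0e").
$cc = '240610708';
$kk = 'QNKCDZO';

echo "md5(cc) = ", md5($cc), "\n";
echo "md5(kk) = ", md5($kk), "\n";
echo "weak_md5_match:   ", var_export(weak_md5_match($cc, $kk), true), "\n";
echo "strict_md5_match: ", var_export(strict_md5_match($cc, $kk), true), "\n";

// The value used in the write-up: three characters, but a large number.
$n = '7e7';
echo "is_numeric('7e7'):      ", var_export(is_numeric($n), true), "\n";
echo "numeric value of '7e7': ", (float)$n, "\n";
echo "weak_is_small_number:   ", var_export(weak_is_small_number($n), true), "\n";
echo "strict_is_small_number: ", var_export(strict_is_small_number($n), true), "\n";
```

Run it with `php` on the command line; the weak checks accept the sample inputs and the hardened ones reject them.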

./happy_hacking


If you need more explanation about any blog, feel free to tell me on my LinkedIn account: https://www.linkedin.com/in/menna-shaaban-320732209/