This challenge was a web app in which you could buy some things, among which was the flag. One little problem: the flag cost $100k and you have… no money. No different from real life.
Navigating through the tabs, one could find a “subscribe” button which, when fed a “valid” email address, would print out a coupon code that applied a 10% discount.
First thing I thought was “well, let’s try to submit multiple coupons”… Obviously it failed.
The web app processed one coupon at a time. After trying various SQL injection payloads (all of which failed miserably),
we thought that maybe there was an LFI, given the
The LFI did not work, of course (has anything simple ever worked?), but later on it turned out the trick was fairly simple:
- Subscribe and obtain a coupon;
- Modify the
index. By doing so, the page recursively loaded itself (like a… fractal);
- Apply the coupon inside the innermost page so it is applied n times, until the flag’s cost reaches 0;
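The root cause the writeup describes is a coupon handler that runs once per nested render and re-applies the discount to the running total each time, with nothing recording that the coupon was already used. The example below is added here and is not the challenge's code: it models a cart with a constructed coupon table and a simulated self-including render, shows the compounding discount, and beside it a hardened cart that recomputes the price from the list price plus the set of applied coupons, so repeated renders cannot stack the same 10%. `FLAG_PRICE`, `COUPON_DISCOUNT_PCT`, `MAX_INCLUDE_DEPTH` and the class and function names are all assumptions for illustration.

```python
"""Coupon application that compounds per render vs. one that is idempotent.

Constructed example: prices are integer dollars and discounts integer
percentages so the arithmetic is exact; no real shop code is involved.
"""
from dataclasses import dataclass, field

FLAG_PRICE = 100_000                 # constructed: list price of the flag
COUPON_DISCOUNT_PCT = {"WELCOME10": 10}  # constructed coupon table
MAX_INCLUDE_DEPTH = 1                # hypothetical cap on nested page includes


@dataclass
class VulnerableCart:
    """Stores a mutable running total; each apply_coupon call discounts it again."""
    total: int = FLAG_PRICE

    def apply_coupon(self, code: str) -> int:
        pct = COUPON_DISCOUNT_PCT.get(code)
        if pct is None:
            raise ValueError("unknown coupon")
        # Nothing remembers that this coupon was already used on this cart,
        # so every call (one per nested render) compounds the discount.
        self.total = self.total * (100 - pct) // 100
        return self.total


@dataclass
class HardenedCart:
    """Derives the total from the list price and the set of applied coupons."""
    list_price: int = FLAG_PRICE
    applied: set = field(default_factory=set)

    def apply_coupon(self, code: str) -> int:
        pct = COUPON_DISCOUNT_PCT.get(code)
        if pct is None:
            raise ValueError("unknown coupon")
        # Applying the same code twice is a no-op: the set deduplicates it.
        self.applied.add(code)
        return self.total

    @property
    def total(self) -> int:
        # Recomputed on every read, so re-rendering the page cannot
        # accumulate state; each distinct coupon counts exactly once.
        total = self.list_price
        for code in self.applied:
            total = total * (100 - COUPON_DISCOUNT_PCT[code]) // 100
        return total


def render_nested(cart, code: str, depth: int) -> int:
    """Simulate a page that includes itself `depth` times.

    Each nesting level runs the coupon handler once, which is what turns a
    single coupon into n applications when the cart compounds discounts.
    """
    if depth == 0:
        return cart.total
    cart.apply_coupon(code)
    return render_nested(cart, code, depth - 1)


def render_guarded(cart, code: str, depth: int) -> int:
    """Same render, but refuses nesting beyond MAX_INCLUDE_DEPTH.

    This is the second, independent fix: even if the cart logic were still
    flawed, a page must not be allowed to include itself without bound.
    """
    if depth > MAX_INCLUDE_DEPTH:
        raise ValueError("include depth exceeds MAX_INCLUDE_DEPTH")
    return render_nested(cart, code, depth)


if __name__ == "__main__":
    print("vulnerable, 3 nested renders:", render_nested(VulnerableCart(), "WELCOME10", 3))
    print("hardened,   3 nested renders:", render_nested(HardenedCart(), "WELCOME10", 3))
```

The two fixes are independent: the idempotent cart removes the payoff of re-running the handler, and the depth guard removes the recursion that made re-running possible. A checkout that recomputes totals from immutable inputs (list price, coupon set) rather than mutating a stored total is the one that survives any number of retries, reloads or nested includes.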
I’m getting sick of online shops.