WriteUp for Just Not My Type from Killer Queen 2021

A Writeup for the challenge "Just Not My Type" from Killer Queen CTF 2021.

Published on November 03, 2021 by 0xRar

writeups Web CTF

1 min READ

  • Challenge Information:

Just Not My TypeWebEasy248ZeroDayTea


I really don’t think we’re compatible


First thing i thought it was an sqli, but then i remembered they already gave us the source code
for the challenge.


<h1>I just don't think we're compatible</h1>
$FLAG = "shhhh you don't get to see this locally";
    $password = $_POST["password"];
    if (strcasecmp($password, $FLAG) == 0) 
        echo $FLAG;
        echo "That's the wrong password!";
<form method="POST">
    <input type="password" name="password">
    <input type="submit">

The twist of the challenge is first we didn’t have any link to the webapp, at first so the $FLAG variable is just a fake flag, so i look and nothing really wrong with the code but maybe the function strcasecmp() has some kind of vulnerability or not used in secure way, after googling a bit and reading the strcasecmp
php Documentation

Turns out that strcasecmp() is a single-byte function , after searching what that means and how to exploit it found that if you don’t use it in a secure way it can lead to Authentication Bypass , the idea is to turn the password param into an empty array and the value to %22%22

Example: http://vulntarget.com/type.php?password[]=%22%22

and that gave me the flag :)

Pasted image 20211030045525

Flag: flag{no_way!_i_took_the_flag_out_of_the_source_before_giving_it_to_you_how_is_this_possible}