
FBCTF

Writeup – FBCTF 2019 – Web – Product Manager


For this challenge we had a website with three functions:

– showing top 5 products
– displaying details of one product (requires name and secret)
– adding a new product

Apart from that we had access to the source code. From a quick overview everything seemed perfect: not vulnerable to SQL injection (bind_param used), secret hashed, protection against adding a new product when one with the same name already exists, etc. Here are some parts of the source code:

You can’t show the product if you don’t have a secret and you can’t overwrite it if it already exists. Also on the…