CTF notes - TairinySimeonato/WebAuditing GitHub Wiki

  1. Look at source code

  2. hashid <encrypted_here>: command that tell you what type of encryption it is (most likely)

  3. strcmp - php function has auth bypass vulnerability: transform the variable into an array Example: username=a&password=b username[]=a&password[]=b