100 points
Category: Web Exploitation
Tags : #regex
How about trying to match a regular expression.
Inspecting the webpage source shows the following form:
<form action="#" onsubmit="return send_request()">
  <input type="text" id="name" name="input" placeholder="Input text">
  <br>
  <br>
  <button id="submit-but" type="submit" id="submit-button">SUBMIT</button>
</form>
The form calls the following send_request() JavaScript function:
<script>
  function send_request() {
    let val = document.getElementById("name").value;
    // ^p.....F!?
    fetch(`/flag?input=${val}`)
      .then(res => res.text())
      .then(res => {
        const res_json = JSON.parse(res);
        alert(res_json.flag)
        return false;
      })
    return false;
  }
</script>
We attempt to match our form input against the regex pattern ^p.....F, which is left as a comment in the send_request() source. ^ anchors the pattern to the start of the text, each . matches any single character, and the pattern ends with a literal F character.
form input: picoCTF
picoCTF{........redacted........}
Actual flag value redacted for the purposes of the write-up.
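The matching rules described above, as an added example that is not part of the original write-up or the challenge source: it runs the commented pattern and a hypothetical end-anchored variant over constructed inputs to show what each accepts. The names HINT, STRICT, SAMPLES, classify and report are illustrative, and it assumes the server tests the input parameter against the commented pattern.

```javascript
// Added example: matching semantics of the pattern left in the page comment.
// Assumption: the server tests the "input" parameter against this pattern;
// the write-up shows only the client-side comment, not the server code.
const HINT = /^p.....F!?/;     // pattern exactly as commented in send_request()
const STRICT = /^p.....F!?$/;  // hypothetical end-anchored variant, for comparison

// Constructed sample inputs.
const SAMPLES = [
  "picoCTF",            // p + five characters + F
  "picoCTF and more",   // extra text after the match
  "xpicoCTF",           // does not start with p
  "picoCT",             // one character short
  "p\n....F",           // "." does not match a newline by default
  "pABCDEF!",           // optional "!" present
];

// Report whether each pattern accepts the input and which part HINT consumed.
function classify(input) {
  const m = HINT.exec(input);
  return {
    input,
    hint: m !== null,
    strict: STRICT.test(input),
    consumed: m ? m[0] : null,
  };
}

function report(samples) {
  return samples.map(classify);
}

for (const row of report(SAMPLES)) {
  console.log(JSON.stringify(row));
}
```

Because the commented pattern has no `$`, it accepts any input whose first seven characters fit, which is why the two patterns disagree on the second sample.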