Intigriti CTF 12-23
After a long time, this month I had the opportunity to attend in the monthly CTF provided by INTIGRITI. As part of the learning process I really recommend everybody to attend on this, it is a mind-blowing experience, you can find more information about the CTF and many other things in the Intigriti's discord community . The CTF is available through the link https://challenge-1223.intigriti.io/challenge.php Here we go!! Summary At first glance, the target is a simple HTML page containing a text box where the payloads should be sent. Also, it shows the regex that is being applied to check the text. If we pass some malicious payload it is going to catch it. Recon Also in the page, the challenge is providing to us the source code running on the server side, let's go through it. Summarizing the source code, it is using php Smarty template engine to render the pages. More below, we can see two IF clauses; The first will redirect you case the text posted is not being submitted by t