TSG ctf 2023

Web

Upside-down-cake

so when we look at the code we can see that the flag is available when the palindrome function returns the correct output i.e when it recognizes the palindrome , which it does:

1. if the length is greater than 1000

2. and the palindrome it's checking by iterating every character and checking reverse is true also

When we send the two different sizes for the input:

look at the function that recvs the json data:

so after digging a bit I found out that if the server is getting the data in json format , why not make a json object that has certain properties that can be used to validate the parameters required by the function to validate and give us the flag so we craft a payload for this:

{"palindrome": {"length": "1000", "0": "", "999": ""}}

Analysis:

This JSON data represents an object with a property named "palindrome," which is itself an object. The "palindrome" object has three properties: "length," "0," and "999." Now, let's analyze the conditions in the validatePalindrome function:

1. Length Check:

   • If the length is less than 1000, it returns 'too short'.

   • In this case, the length is 1000, so this condition is satisfied.

2. Palindrome Check:

   • It iterates through the characters and compares each character at position i with the character at position length - i - 1.

   • It also checks if the type of the character is a string.

   • In this specific palindrome, the characters at positions 0 and 999 are empty strings, so the comparison passes.

result:

we can define the json object properties like this and function will interpret it:

refer