Skip to content

ImaginaryCTF 2023: Inspection

TL;DR

  • Challenge explicitly hints at client-side inspection.
  • Page source contains a malformed HTML attribute.
  • The attribute value embeds the full flag.
  • No server-side exploitation is required.

Description

Here's a freebie: the flag is ictf.

Solution

As the title suggests, we can use the inspector (F12) and have a look around.

We'll quickly see the description HTML looks like this.

<p m4rkdown_parser_fail_1a211b44="">Here's a freebie: the flag is ictf.</p>

We have our flag.

Flag: ictf{m4rkdown_parser_fail_1a211b44}