frncscrlnd's writeups

Writeups from challenges and CTFs I take part in.



Replacement

Let’s take a look at this challenge’s source code:

```php
<script src="hook.js"></script>
<?php
$escaped = preg_replace("/<script>/i", "", $escaped);
?>

<h1>Hello, <?= $escaped ?>!</h1>

<h1>inject</h1>
<form>
    <input type="text" name="payload" placeholder="your payload here">
    <input type="submit" value="GO">
</form>

<h1>src</h1>
<?php highlight_string(file_get_contents(basename(__FILE__))); ?>
```

However, no payload seems to be working.
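The `preg_replace` call in the source deletes one exact string and passes every other character through, so it is a blacklist rather than output encoding. The following is an added example, not part of the challenge source: it puts that filter beside encoding the value for the HTML context, using hypothetical function names and constructed, harmless sample inputs.

```php
<?php
// Added example, not the challenge's code. Function names are hypothetical.

// The challenge's filter: a single case-insensitive pass that deletes only
// the exact string "<script>" and leaves every other character untouched.
function challenge_filter(string $input): string
{
    return preg_replace("/<script>/i", "", $input) ?? '';
}

// Output encoding for an HTML text node: every character that can open a
// tag, an entity or an attribute value is replaced by its entity.
function encode_for_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs; none of them is an attack string.
$samples = [
    'plain name'     => 'Alice',
    'exact match'    => '<SCRIPT>Alice',
    'formatting tag' => '<b>Alice</b>',
    'tag + attribute' => '<a title="x">Alice</a>',
];

foreach ($samples as $label => $value) {
    $filtered = challenge_filter($value);
    $encoded  = encode_for_html($value);

    // If angle brackets are still present after filtering, the browser will
    // parse the value as markup when it is echoed inside <h1>.
    $markupSurvives = strpbrk($filtered, '<>') !== false;

    printf(
        "%-16s filter -> %-24s markup survives: %-3s encoded -> %s\n",
        $label,
        $filtered,
        $markupSurvives ? 'yes' : 'no',
        $encoded
    );
}
```

Only the `exact match` row is neutralised by the filter; the encoded column contains no raw `<`, `>` or quote characters for any row, which is the property the `<h1>` output needs.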