Suninatas Game 02

challenges

Game 02

Analysis

<script>
    function chk_form() {
        var id = document.web02.id.value;
        var pw = document.web02.pw.value;
        if (id == pw) {
            alert("You can't join! Try again");
            document.web02.id.focus();
            document.web02.id.value = "";
            document.web02.pw.value = "";
        } else {
            document.web02.submit();
        }
    }
</script>
<!-- Hint : Join / id = pw -->
<!-- M@de by 2theT0P -->

The script blocks form submission when id equals pw. However, the hint states that joining requires id = pw. Because chk_form() runs only in the browser, the check applies only to submissions that go through the page's own form handler.

Bypass

Intercept the request with a proxy (like Burp Suite or Zaproxy) or use the browser’s Network tab to replay a modified request in which id and pw are equal:

id=admin&pw=admin
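
From the defender's side, the fix for this class of bug is to repeat the rule on the server, where a replayed request cannot skip it. The sketch below is an added example, not code from the challenge or its author; validateJoin, its reason strings and the normalization step are assumptions made for illustration.

```javascript
// Added example: server-side re-check of the rule that chk_form() enforces
// only in the browser. validateJoin is a hypothetical name, not challenge code.
function validateJoin(rawBody) {
  const params = new URLSearchParams(rawBody);

  // Require exactly one value per field, so the validator and whatever
  // consumes the body later cannot disagree about which value counts.
  for (const name of ["id", "pw"]) {
    if (params.getAll(name).length !== 1) {
      return { ok: false, reason: `expected exactly one ${name}` };
    }
  }

  const id = params.get("id");
  const pw = params.get("pw");
  if (id === "" || pw === "") {
    return { ok: false, reason: "empty field" };
  }

  // Same rule as the client script (id must differ from pw). Comparing after
  // normalization is an added design choice: "Admin" vs "admin " is rejected too.
  const canon = (s) => s.normalize("NFKC").trim().toLowerCase();
  if (canon(id) === canon(pw)) {
    return { ok: false, reason: "id equals pw" };
  }
  return { ok: true, reason: null };
}

// Constructed sample bodies; the first is the replayed request from this page.
const samples = [
  "id=admin&pw=admin",
  "id=Admin&pw=admin%20",
  "id=a&id=b&pw=a",
  "id=alice&pw=S3parate!",
];
for (const body of samples) {
  console.log(body, "->", JSON.stringify(validateJoin(body)));
}
```
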