This was the code we were given
CODE BACKUP ©SCTF CORPORATION EVEN THO WE AINT A CORPORATION:
$a = $_GET("plang");
if(isset($a)) {
if(strpos($a,"answer";) !== false && strlen($a) < 2) {
echo $flag;
}
else {
echo "Sadly, yee hath given bad input"
}
We get the flag when strpos($a,"answer") returns true and is boolean and when the length of $a is less than 2 characters.
In order for this conditional statement to ever be true, we need to trick the backend PHP code to returning true.
Pass an array (plang) to the server that contains the string ‘answer’ :
http://tcompete.sctf.io/problems/2015q1/jz/main.php?plang[]=answer
strpos() will return true (strpos() can check arrays for strings, that is the key of this problem,
and strlen() will fail and return false because it expects a string but gets an array. Then we get our flag.