Nahamcon 2021 – Asserted

Not gonna lie, this was one of the challenge who took me the longest in this CTF, mostly cause i’m not that familiar with php but was definitely fun understanding how to bypass an unsanitized url-parameter and exploiting the machine using other php code injected in such a ‘don’t give a damn’ way