Open aszx87410 opened 3 years ago
VolgaCTF 2021 Qualifier, [Mar 28, 2021 at 10:42:45 PM]: intended solution
```
JSON.parse('{"money":100000000000000000000000000000000000000000000000000000000000001E-60}')
100
```

```
select json_extract('{"money":100000000000000000000000000000000000000000000000000000000000001E-60}','$.money')
100.00000000000001
```
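
An added example, not code from this thread or from the challenge: a check that flags number literals which a double-based parser such as `JSON.parse` rounds, so that a second parser reading the same text (here MySQL's `json_extract`, per the output above) can see a different value. The helper names and the assumption of a flat JSON body with a numeric `money` field are hypothetical.

```javascript
// Added example (not the challenge's code). Payload copied from the post above.
const PAGE_PAYLOAD =
  '{"money":100000000000000000000000000000000000000000000000000000000000001E-60}';

// Exact value of a number literal as digits * 10^scale, with no rounding.
function exactDecimal(literal) {
  const m = /^(-?)(\d+)(?:\.(\d+))?(?:[eE]([+-]?\d+))?$/.exec(literal);
  if (!m) throw new SyntaxError('not a number literal: ' + literal);
  const [, sign, intPart, frac = '', exp = '0'] = m;
  let digits = BigInt(intPart + frac);
  let scale = parseInt(exp, 10) - frac.length;
  // Strip trailing zeros so 100, 1e2 and 100.0 normalise to the same pair.
  while (digits !== 0n && digits % 10n === 0n) { digits /= 10n; scale += 1; }
  if (digits === 0n) return { negative: false, digits, scale: 0 };
  return { negative: sign === '-', digits, scale };
}

// True when the decimal JavaScript prints for the parsed double equals the
// literal's exact value, i.e. an exact-decimal reader sees the same number.
function parsesIdentically(literal) {
  const asDouble = Number(literal);
  if (!Number.isFinite(asDouble)) return false; // overflowed to Infinity
  const a = exactDecimal(literal);
  const b = exactDecimal(String(asDouble));
  return a.negative === b.negative && a.digits === b.digits && a.scale === b.scale;
}

// Hypothetical helper: assumes a flat JSON body with a numeric "money" field.
function checkMoneyField(rawBody) {
  const m = /"money"\s*:\s*(-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?)/.exec(rawBody);
  if (!m) return null;
  return {
    literal: m[1],
    jsValue: JSON.parse(rawBody).money,
    lossless: parsesIdentically(m[1]),
  };
}
```

A server can reject a body when `lossless` is false, or forward only the value it re-serialized itself, so that the value it validated and the value it stores come from the same parse.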
By the way, it was possible to get a negative value, which also gave the flag.
Hi @PeGrina, could you elaborate on how to get a negative value? I am curious!
Yes, @aszx87410, I did it in a slightly strange way: I just quickly sent transfer requests. Because of this, the server processed 2 parallel requests at once, which is why it took money from my account 2 times. Because of this, out of 100 coins, I have -98 coins left.
@PeGrina It sounds like a race condition? Actually I also solved this one by race condition, but I still don't know why it works. There are a transaction and `select... for update`, so I thought the balance of the wallet would be locked and there shouldn't be a race condition.