Official Insomnia Discussion

Official discussion thread for Insomnia. Please do not post any spoilers or big hints.

Hi, Any clue about this challenge? I still can’t get anything.

Hello ! The framework used is codeigniter4. Search exploit for that.

1 Like

Just review source code carefully.


1 Like

So there is another solution besides the framework CVE? cause ion wanna solve it like that lol… i still cant find nothing tho

Yes, it is intended path very easy.

Don’t look too far. @mh0m is right, read the code again :wink:

shouldn’t admin password be a flag? in right format ofc

@mh0m and @flmailia are right - the vulnerability is laughably simple.
For what it’s worth, I didn’t investigate any framework CVE or anything like that; I just examined the code carefully and found it.

Edit: I just found a way to exploit the same vulnerability but in another way.

I didn’t think it was laughably simple. I found it eventually, but only because I knew there was something there. I’ve never seen that class of problem before, not even sure what it’s called.

Hi, im super new to this and additionally havent worked with php.
Can someone push me in the right direction? :slight_smile:
I looked into the tips that were already provided here but i cant seem to find the solution.

I just found it, i was really blind and on the wrong track.


No CVE or anything just review source code and play with the http requests :slight_smile:

Hey, can you give me a little nudge here. Resuming my HTB journey after a long time.
I found that you need ___ of ___ user to get the flag but how do I get the secret which will be used to make ___?