Official Insomnia Discussion

Official discussion thread for Insomnia. Please do not post any spoilers or big hints.

Hi, any clue about this challenge? I still can’t get anything.

Hello! The framework used is CodeIgniter4. Search for an exploit for that.

1 Like

Just review source code carefully.

l…()

2 Likes

So there is another solution besides the framework CVE? ’Cause I don’t wanna solve it like that lol… I still can’t find nothing tho

Yes, it is the intended path, very easy.

Don’t look too far. @mh0m is right, read the code again :wink:

Shouldn’t the admin password be a flag? In the right format ofc

@mh0m and @flmailia are right - the vulnerability is laughably simple.
For what it’s worth, I didn’t investigate any framework CVE or anything like that; I just examined the code carefully and found it.

Edit: I just found a way to exploit the same vulnerability but in another way.

I didn’t think it was laughably simple. I found it eventually, but only because I knew there was something there. I’ve never seen that class of problem before, not even sure what it’s called.

Hi, I’m super new to this and additionally haven’t worked with PHP.
Can someone push me in the right direction? :slight_smile:
I looked into the tips that were already provided here but I can’t seem to find the solution.

I just found it, I was really blind and on the wrong track.

SPOILER*

No CVE or anything, just review the source code and play with the HTTP requests :slight_smile:

Hey, can you give me a little nudge here? Resuming my HTB journey after a long time.
I found that you need ___ of ___ user to get the flag but how do I get the secret which will be used to make ___?

I pwned it but did not know about the exploit thing. Can you explain, so there are multiple ways to do it?

Could you please check whether this approach is still possible? When I alter the request to exploit the logic flaw, I get a 500 error before the breakpoint at the logic flaw is even hit.

Edit: Apologies - commas are important. Solved.

Ah, insomnia—the gift that keeps on giving… or not giving, depending on how you look at it. Anyone else find that lying in bed awake is like your brain’s version of a never-ending rerun? :sweat_smile: