I saw that nobody had created the discussion yet. Let’s avoid spoilers
Nice easy challenge. There is a source code, what more do you need
I can't understand some of the HTML code. Might someone have time to help me?
I’ve spent a bunch of time trying different wordlists for SQL injection, XSS, usernames… Tried modifying manual requests with Burp to bypass the custom WAF implementation too. Haven’t found anything! Is index.php a rabbit hole?? Is there something not so obvious that I should be looking for?
Edit: Straightforward once you know what type of attack to use.
How will the output be returned from the query? It just runs the query and returns the value … where is the output?! Am I on the wrong path?
Mmmm, is it what I guess, there is a rabbit hole?!
@drxxx you get this?
@oldirtykush said:
@drxxx you get this?
Unfortunately not yet … I’m in a loop … from its rating I guess it's easy and there is something obvious I can't see
no rabbit holes. just read the code and see if there is a way to bypass the protection.
@daverules said:
no rabbit holes. just read the code and see if there is a way to bypass the protection.
That's what I keep doing … I’m able to bypass the WAF but nothing returns!!
Hi, any hint? Is “unset” the right path or do I have to study classic WAF bypass techniques in depth? Thanks :)
@J4c said:
Hi, any hint? Is “unset” the right path or do I have to study classic WAF bypass techniques in depth? Thanks :)
There is a risk of overthinking on this one. You can try various things, see if you can get a different response to different requests then, if there is, you can use a tool (s****p) to automate it.
I found it was very, very, very, very slow though. There may be faster approaches.
@daverules said:
no rabbit holes. just read the code and see if there is a way to bypass the protection.
Thank you a lot, it was so obvious as I said
@J4c said:
Hi, any hint? Is “unset” the right path or do I have to study classic WAF bypass techniques in depth? Thanks :)
No … take it as simple as … do not overthink, as @TazWake said; overthinking killed my yesterday … I even found that I have everything in my hands.
so… slow… I didn’t have to do this in ages ?
Good challenge, learned a lot.
I’ve been trying for 2 days… I know that it’s a WAF bypass, but really I’m too lost. Can someone give me a light?!!
And I also know that the function waf() blocks some characters, so my attempts were something like //!comand//!comand
Hey, also stuck on this one. But a bit further ahead of WillBar I think.
I understand the code, and what gets given to the PHP functions from the request.
@WillBar: notice that the WAF function returns a: json_decode($s), and then what gets passed to the query function is not the original value of the request …
What I’m struggling with is what to send as a value of the attribute of the object I’m posting. Tried s****p to try to get something going, but no luck… possibly not using it right. Any hints?