[noxCTF] noxComputers
Challenge by jonathanj
The Challenge The challenge is basically a computers store service- the user can buy premium user (or multiple users and be eligible for a future discount), buy a computer, return a computer, and show/edit the account details.
The Vulnerability The vulnerability exists in buy_multiple_premium_users(), in the following functionality
void buy_multiple_premium_users() { ... ... if((unsigned short)(user_count + premiums_amount) > ARRAY_MAX) { puts_wrapper("You can't create more than 1024 users :("); return; } .
[Read More]