[noxCTF] noxComputers

Challenge by jonathanj

The Challenge The challenge is basically a computers store service- the user can buy premium user (or multiple users and be eligible for a future discount), buy a computer, return a computer, and show/edit the account details. The Vulnerability The vulnerability exists in buy_multiple_premium_users(), in the following functionality void buy_multiple_premium_users() { ... ... if((unsigned short)(user_count + premiums_amount) > ARRAY_MAX) { puts_wrapper("You can't create more than 1024 users :("); return; } . [Read More]