all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Exploring the Upper() Method in Python: Uncovering Vulnerabilities

Add to bookmarks
Oct. 15, 2023, 4:34 p.m. | Arun balaji

InfoSec Write-ups - Medium infosecwriteups.com

Analyzing Character Length Changes with the upper() Method

Hello Everyone, I’d like to share an intriguing discovery I made during a recent CTF (Capture The Flag) challenge centered around the Python upper() method.

Source Code:

@app.route('/login',methods=['GET','POST'])
def login():
    if request.method == 'GET':
        return render_template('login.html')
    elif request.method == 'POST':
        if len(request.values["username"]) >= 40:
            return render_template_string("Username is too long!")
        elif len(request.values["username"].upper()) <= 50:
            return render_template_string("Username is too short!")
        else:
            return flag

Our Goal is to get the flag here but we need …

ctf ctf-writeup python web

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

AWS S3 Bucket Misconfiguration Exposes PII and Documents of Job Seekers 3 days, 6 hours ago | infosecwriteups.com
bug bounty cloud cybersecurity india +1
Honeypots 101: A Beginner’s Guide to Honeypots 4 days, 6 hours ago | infosecwriteups.com
art attacker attackers attacks +19
No Dev Team? No Problem: Writing Malware and Anti-Malware With GenAI 4 days, 18 hours ago | infosecwriteups.com
ai anti-malware can companies +29
The Diamond Model: Simple Intelligence-Driven Intrusion Analysis 5 days, 6 hours ago | infosecwriteups.com
analysis continue cyber cybersecurity +18
Analysis of Competing Hypotheses: How to Find Plausible Answers 5 days, 6 hours ago | infosecwriteups.com
analysis continue cybersecurity discover +10
Devvortex Hackthebox Walkthrough 5 days, 6 hours ago | infosecwriteups.com
cybersecurity htb htb-walkthrough htb-writeup +1
Port Scanning for Bug Bounties 5 days, 6 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity infosec +1
How I Accidentally Discovered an Insecure Direct Object Reference (IDOR) Vulnerability on Coursera 5 days, 6 hours ago | infosecwriteups.com
article certificate coursera cybersecurity +15
TryHackMe - Mr. Robot CTF 5 days, 7 hours ago | infosecwriteups.com
ctf linux security tryhackme

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Officer

@ eSimplicity | Remote
View on infosec-jobs.com

Senior - Automated Cyber Attack Engineer

@ Deloitte | Madrid, España
View on infosec-jobs.com

Public Key Infrastructure (PKI) Senior Engineer

@ Sherwin-Williams | Cleveland, OH, United States
View on infosec-jobs.com

Consultant, Technology Consulting, Cyber Security - Privacy (Senior) (Multiple Positions) (1502793)

@ EY | Chicago, IL, US, 60606
View on infosec-jobs.com

Principal Associate, CSOC Analyst

@ Capital One | McLean, VA
View on infosec-jobs.com

Real Estate Portfolio & Corporate Security Lead

@ Lilium | Munich
View on infosec-jobs.com
View more jobs