While playing Codegate CTF 2013 this weekend, I had the opportunity to complete Web 200 which was very interesting. So, let get our hands dirty. The main page asks you to provide a valid One-Time-Password in order to log in: A valid password can be provided by selecting the "OTP issue" option, we can see the source code (provided during the challenge) below: include("./otp_util.php"); echo "your I
![Unauthorized Access: Bypassing PHP strcmp()](https://cdn-ak-scissors.b.st-hatena.com/image/square/9fe0a0c2046899e873f153630450cfef6d67eed1/height=288;version=1;width=512/http%3A%2F%2F2.bp.blogspot.com%2F-xtqAKD3o2f4%2FUTLeINmwhyI%2FAAAAAAAAAFM%2FcCBvBvul28Y%2Fw1200-h630-p-k-no-nu%2Flogin.png)