Realist

Hi everyone!

I don’t know how to ask my question without spoilers for task. I found (as I think) a vulnerability in the source code. But I have difficulty using it. The fact is that I can not change the type of input parameter, but this needs to be done for explotation. After several hours of fuzzing, I found strange behavior in several cases (For example, if you add [] to the name of the input parameter, the server behavior will change a little), but this did not bring me closer to solving the task.

I have two questions:
1. Am I moving in the right direction?
2. Please share the ways how to make the php process my input parameter not as a string

Thank you!

You are not in the right direction. Read the source code again. There is a mistake. Make sure that you have source code highlighting enabled (should make easier to spot the error).