$ cat writeup.md…
$ cat writeup.md…
bug-makers
Task: PHP lottery app stores user data as JSON in VARCHAR(255); win condition is rigged via mt_rand range mismatch. Solution: send oversized username to trigger silent MariaDB truncation, producing invalid JSON that makes json_decode return null, bypassing the win check via !empty(null) short-circuit.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar