I am busy working through the BlitzCTF challenge. I have managed to get past the first level, to the second level with the form asking for a username and password, and a single image. I have also looked at all the source and files on the link provided, and tried basic injection, but nothing obvious is sticking out.
I don't want to give anything away here, but I have managed to find the flag, and not exactly sure what to do with it. I don't know if it somehow needs to be processed further, such as xor or shift cipher or something to the sort.
Would anyone be able to provide a hint or suggestion, without giving too much detail away?