-
HTB - Insomnia - web - easy
This challenge is a huge bootstrap app written in PHP. Insomnia/app/Controllers/ProfileController.php contains the following: $token = (string) $_COOKIE["token"] ?? null; $flag = file_get_contents(APPPATH . "/../flag.txt"); if (isset($token)) { $key = (string) getenv("JWT_SECRET"); $jwt_decode = JWT::decode($token, new Key($key, "HS256")); $username = $jwt_decode->username; if ($username == "administrator") { return view("ProfilePage", [ "username"...
-
HTB - Why Lambda - web - hard
The challenge have flag.txt referenced nowhere so either LFI or RCE. App has backend in flask and front in vue. The app has a bot and its password is ungettable afaik. When bot -> XSS. So I looked into vue XSS examples and all showed just v-html as the equivalent...
-
PlaidCTF 2023 - subs - web
Cache Poisoning in GraphQL The flag is accessible for admin only, admin is a bot verified based on window.localStorage.token. In order to communicate the client and the server make use of linked apollo graphql. Client Written in a React frontend web app, had some dangerouslySetInnerHTML in few places, but not...
-
PlaidCTF 2023 - Davy Jones' Putlocker - web - part 1
PlaidCTF 2023 - Davy Jones’ Putlocker - web - part 1 justCatTheFish write-up Challenge meta Name: Dubs Solves: 67 Reward: 350 Description: When I not be plunderin’ the high seas, I be watchin’ me favorite shows. Like any self-respectin’ pirate, I don’t be payin’ for my media. But I’ll be...