8 posts tagged with "Web Exploitation"

ISITDTU CTF 2024 - Writeup Web Challenges

October 30, 2024 · 7 min read

Writeup

Another one

For this challenge, at first glance, I'm looking at this part:

@app.route('/render', methods=['POST'])
def dynamic_template():
    token = request.cookies.get('jwt_token')
    if token:
        try:
            decoded = jwt.decode(token, app.config['SECRET_KEY'], algorithms=['HS256'])
            role = decoded.get('role')

            if role != "admin":
                return jsonify(message="Admin only"), 403

            data = request.get_json()
            template = data.get("template")
            rendered_template = render_template_string(template)
            
            return jsonify(message="Done")

        except jwt.ExpiredSignatureError:
            return jsonify(message="Token has expired."), 401
        except jwt.InvalidTokenError:
            return jsonify(message="Invalid JWT."), 401
        except Exception as e:
            return jsonify(message=str(e)), 500
    else:
        return jsonify(message="Where is your token?"), 401

Analysis CVE-2024-4367 (PDF.js)

September 4, 2024 · 10 min read

Introduction

CVE-2024-4367: Arbitrary JavaScript execution in PDF.js

CVE-2024-4367 presents a critical vulnerability within the esteemed PDF.js library, widely embraced for its adeptness in rendering PDF files in web browsers.

This exploit enables adversaries to inject and execute arbitrary JavaScript code within a user's browser context, catalyzing a perilous Cross-Site Scripting (XSS) scenario. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Severity:

CyberSpace CTF 2024 - Writeup Web Challenges

September 3, 2024 · 7 min read

ZipZone

Attack Defense Cheatsheet

August 10, 2024 · 8 min read

Dashboard

AmateursCTF 2024

April 13, 2024 · 20 min read

Overview

The CTF event: https://ctftime.org/event/2226/ I played as solo player and got the rank higher than i expected lul. I have learned a lots when playing this CTF.

Backdoor CTF 2023 - Writeup Challenges

December 18, 2023 · 6 min read

web/too-many-admins

1337UPLIVE CTF 2023

November 20, 2023 · 10 min read

Overview

I join with my team (BKISC) that participated in this CTF organized by Intigriti and got 2nd place 🥳🥳🥳.

ISITDTU CTF 2023

October 15, 2023 · 7 min read

thru_the_filter_test_flag

Author: onsra Description: This challenge gives us a website that can be exploited by SSTI.

Review code:

from flask import Flask, request, render_template_string,redirect

app = Flask(__name__)
def check_payload(payload):
    blacklist = ['import', 'request', 'init', '_', 'b', 'lipsum', 'os', 'globals', 'popen', 'mro', 'cycler', 'joiner', 'u','x','g','args', 'get_flashed_messages', 'base', '[',']','builtins', 'namespace', 'self', 'url_for', 'getitem','.','eval','update','config','read','dict']
    for bl in blacklist:
        if bl in payload:
            return True
    return False
@app.route("/")
def home():
    if request.args.get('c'):
        if(check_payload(ssti)):
            return "HOLD UP !!!"
        else:
            return render_template_string(request.args.get('c'))
    else:
        return redirect("""/?c={{ 7*7 }}""")


if __name__ == "__main__":
    app.run()

Writeup​

Another one​

Introduction​

CVE-2024-4367: Arbitrary JavaScript execution in PDF.js​

ZipZone​

Dashboard​

Overview​

web/too-many-admins​

Overview​

thru_the_filter_test_flag​

Writeup

Another one

Introduction

CVE-2024-4367: Arbitrary JavaScript execution in PDF.js

ZipZone

Dashboard

Overview

web/too-many-admins

Overview

thru_the_filter_test_flag