[IceCTF] Geocities – Web100

Chall:

I recently stumbled onto this old http://geocities.vuln.icec.tf/ site, it’s a miracle that it’s still up! It must be running some ancient technology and probably hasn’t been updated in years, it’s our lucky day boys!

Messing around and thinking about the description:

It must be running some ancient technology and probably hasn't been updated in years

So i decided to find popular vulnerable 1-2 years ago and found it. It’s SHELLSHOCK! Continue reading

[WhiteHat Contest 11] Ultimate Design Tool – web100

Challenge:

http://118.70.80.143:8104/

The challenge is about CSS Injection, when you click Share your button!, you will post to push.php something like this

csscode={width:+100px;+font-size:+100px;+height:+1px;+line-height:+1px;+border-width:+1px;}&submit=Share+your+button!

Continue reading

[Teaser CONFidence CTF 2016] RoflScale – Web 100

Admins connected a debug interface to our Roflscale DB. They didn’t bother to secure it with a password, so we put in a proxy instead.

IP: roflscale.hackable.software:4000

The main idea of this challenge is the misconfig between urlparse python and REQUEST_PATH of sinatra ruby, so if we input the payload which can bypass filter ‘dump’ python and pass to ruby web server, we got the flag.
Continue reading

[WhiteHat Contest 10] Web100 – Membership v1

Url + Source

Bài này tuy là 100 points nhưng mà làm khá là cực (╥﹏╥), cực ở việc không biết tấn công như nào cho tới khi có hint, cực ở việc dò source để tìm lỗi, cực ở việc biết tấn công như nào rồi thì ngồi đăng ký email để đăng ký nick lại còn bị block vì đăng ký quá nhanh và quá nhiều. Tại sao btc lại không bỏ cái confirm code email đi nhỉ?

Continue reading