I found this amazing blog about Iceland! Did I ever tell you that I love Iceland? It seems to be made from scratch by a single guy although being impressive, he doesn’t seem to have much experience with web programming. Can you see if you can find any vulnerabilities to pwn his machine?
This is a nice website; first we have to log in to access some of its functions.
This challenge has 2 stages:
I recently stumbled onto this old http://geocities.vuln.icec.tf/ site, it’s a miracle that it’s still up! It must be running some ancient technology and probably hasn’t been updated in years, it’s our lucky day boys!
Messing around and thinking about the description:
It must be running some ancient technology and probably hasn't been updated in years
So I decided to look for popular vulnerabilities from 1-2 years ago and found it. It’s SHELLSHOCK!
The challenge is about CSS Injection: when you click "Share your button!", you will POST to push.php something like this
Admins connected a debug interface to our Roflscale DB. They didn’t bother to secure it with a password, so we put in a proxy instead.
The main idea of this challenge is the misconfig between Python's urlparse and the REQUEST_PATH of Ruby's Sinatra, so if we input a payload that bypasses the Python filter on ‘dump’ and gets passed to the Ruby web server, we get the flag.
Well, this challenge is quite interesting; it took me and Tri a lot of time to solve it.
First, the challenge looks like this:
Looking at the challenge, we see nothing except 2 functions, login and register, so of course we register an account and log in to see what can be done. After hours of painful fuzzing, I realized I had fallen into a trap: nothing can be done in the spambox.