CTFtime.org / Google Capture The Flag 2017 (Quals) / Mindreader

Points: 50

Tags: miscellaneous

Poll rating:

Writeups

Action	Rating	Author team
Read writeup	not rated	faker_
Read writeup	not rated	Ethical Hackers Club
Read writeup	not rated	zero-paasei
Read writeup	5.0	bruh
Read writeup	not rated	ShellWarp
Read writeup	5.0	Root Security

You need to authenticate and join a team to post writeups notallowed1503 – June 19, 2017, 8:34 a.m.

can you tell me how you injected the php code in this site?? thanks in advance. by the way nice writeup.

argaz – June 19, 2017, 9:56 a.m.

He didn't inject code. The vulnerability was that any existing file path that he would type into the input, would be read and returned to the client.

W3ndige – June 19, 2017, 11:04 a.m.

You just have to enter paths in the input box, and from there look for common files. Example of geting to /etc/passwd would be typing ../../../../etc/passwd in the input.

argaz – June 19, 2017, 11:48 a.m.

@W3ndige you don't need to do relative paths, it would accept absolute paths like /etc/passwd fine.

W3ndige – June 19, 2017, 11:49 a.m.

@argaz - Now i now :D Thanks for the info!

Mindreader

Writeups

Comments

Sign in with