[WEB CTF] Can you find the flag in this vulnerability-ridden website?

Status
This thread has been locked.

Harry

Rustacean
Management
Feedback score
10
Posts
1,607
Reactions
876
Resources
0
Thread Title
[WEB CTF] Can you find the flag in this vulnerability-ridden website?

Prize name
$50 PayPal

Requirements and other relevant information
Daniel has recently become interested in the world of web development and wanted to create a simple website for his friend.

However, being a newbie, he wasn't aware of potential vulnerabilities that could arise and how to mitigate them. The website was created using poor techniques and his lack of knowledge within the field has caused inadvertent side effects.

Are you able to find the flag hidden behind his 'secure' website? The prize will be awarded to the first person who posts the correct flag below, or if no one has managed to reach it by the closing date, the member who comes closest will be awarded the prize.

http://23.95.242.142/ (the flag starts with "flag_")

End date
May 1, 2020

If award date is different from contest end date, please specify.
 
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.

TBK

59,226.94 CRO
Deactivated
Feedback score
49
Posts
756
Reactions
753
Resources
0
Top left of screenshot
 

Attachments

  • Screenshot_20200311-192934_Chrome.jpg
    Screenshot_20200311-192934_Chrome.jpg
    527.3 KB · Views: 62

zManuel

Supreme
Feedback score
11
Posts
51
Reactions
58
Resources
0
WulfGamesYT what's ur discord.[DOUBLEPOST=1583958050][/DOUBLEPOST]The flag looks to be empty on my side. I've logged in as superadmin but when I go on write-blog where the key should located in $_GLOBALS['flag'] I can't see it. Harry
 
Last edited:

Harry

Rustacean
Management
Feedback score
10
Posts
1,607
Reactions
876
Resources
0
flag_l01md9aMid9AlaBIr17491gXLvX7AlHq
Yep, that's correct. Insecure include() -> loose comparison between two md5 hashed passwords -> hashes are string-represented floating points that evaluate to 0 -> loose comparison returns true -> gain access to 'superadmin' user -> flag was in the response header

Basically everything you want to avoid when making a production application. Maybe a tad easy considering that it didn't take you guys long to complete, but wanted to do some sort of giveaway that actually required some thought, instead of these 'guess the number I'm thinking' ones.

Maybe we'll see another one in a few months that's a bit more challenging, who knows. :whistle:

Competition closed.
 
Status
This thread has been locked.
Top