Description
n00bcreated a super secure website for sharing images.Do you think you can hack it?
http://imgaccess.ctf.euristica.in
Write-up
When looking at the index, we quickly noticed the uploader and input Enter image URL.
Usually I think so I should get some XSS, send the link to the admin and get some cookie.
I got an alert on the client side with a .svg file, but I did not get any results.
I sent my host fireshellsecurity.team who was listening on port 1337, but I received the following message.
Apparently and could only send files that were on the link http://imgaccess.ctf.euristica.in/.
So I decided to try something better, I sent the http://[email protected]:1337 payload, I saw my host where I was listening on port 1337, and there was the flag.
I think the resolution involves some other bypass, maybe with htaccess, some time later, the bypass was not working anymore.
Capture the Flag , Server Side Request Forgery , Web , Writeup