101 - Web Exploitation

Challenge Description

Web Hacking 101

Author: Fedra

Flag

TSA{Web_Hacking_101_c7319b0bd96f9d01981bbf52ebb7027f}

Analysis

We are given a website without any source code provided. From the main page, we can see the website has a ping functionality and a file upload functionality. When accessing the file upload page, the website uses a query parameter to include the page, meaning that an LFI could happen here.

After using ../../../../etc/passwd as the value of page, we confirmed an LFI vulnerability.

Solution

Since the file is included, we can get an RCE by uploading a file. With the file upload functionality restricted to only allowing images, we can embed PHP code on the metadata.

After uploading the file and accessing the file from the query parameter, we could run any Unix command from the asdf parameter. When running the ls / command, we found a file called flag_c7319b0bd96f9d01981bbf52ebb7027f.txt.

We just need to cat the file to get the flag.

Last updated 1 month ago