type: #WEB #whitebox difficulty: #easy SOLVED by: #myself
lesson learnt > after almost 2 days of trying and not understanding shit, being a copypasta person: if you don’t understand the code, playing with it isn’t enough
the challenge
opening the web page i see this
uploading a file and the site spits out its content
looking at the source code
it takes a zipped file (docx is a zipped file btw), unzips it and reads a target
AT LINE 38 we see that we control the key-value ExtractTarget in our POST request
rn it’s word/document, let’s do a poc
we will replace word/document.xml with etc/passwrd and see what will happen
we were right: Error : open /tmp/{uuid}/etc/paswrd
NOW let’s try ../../../../../../../flag
WE GOT OUR FLAG :)
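
Why the ../ target worked and what the server-side check would look like, as an added example that is not the challenge's source code. It assumes the app is written in Go (the error text looks like Go's file-open error) and joins ExtractTarget onto /tmp/{uuid}; unsafeTarget, safeTarget and the sample UUID are made-up names and values.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when the target would leave the extraction directory.
var ErrTraversal = errors.New("extract target escapes extraction directory")

// unsafeTarget mirrors the behaviour seen in the writeup (assumed): the
// user-controlled value is joined to the per-upload directory unchecked.
func unsafeTarget(baseDir, target string) string {
	return filepath.Join(baseDir, target)
}

// safeTarget resolves the target and rejects it unless the cleaned result
// is still inside baseDir.
func safeTarget(baseDir, target string) (string, error) {
	if filepath.IsAbs(target) {
		return "", ErrTraversal
	}
	base := filepath.Clean(baseDir)
	full := filepath.Join(base, target) // Join also collapses ".." segments
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return full, nil
}

func main() {
	// Constructed stand-in for the /tmp/{uuid} directory in the error message.
	base := "/tmp/00000000-0000-0000-0000-000000000000"
	targets := []string{"word/document.xml", "etc/passwrd", "../../../../../../../flag"}
	for _, t := range targets {
		p, err := safeTarget(base, t)
		fmt.Printf("%-28q unsafe=%q safe=%q err=%v\n", t, unsafeTarget(base, t), p, err)
	}
}
```

The check is lexical only: if the unzipped archive can contain symlinks, resolve them (for example with filepath.EvalSymlinks) before opening the file.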