CSCAMP | Web500 – Asa7beForums [WRITE UP]

This was the last challenge and it was intended to be the hardest one in the web category 🙂
But, as you will notice, it was in fact an easy challenge…
The only difficulty, if I can call it that, was finding the right payload and thereby bypassing the WAF!

Image of Web500_index

After a quick tour of the app, I decided to register an account…

Image of Web500_register

… and then log in. Once in, I noticed that there was a new feature: the search form.

Image of Web500_search

Then I began fuzzing it manually…
After some tries, some of my payloads got detected.

Image of Web500_hackdetected

I decided to go further and send %25bf%255c' or 1 -- -

This payload is intended to bypass addslashes! (If you're using addslashes in your application, you should change it :D!)
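To show why addslashes-style escaping is not a real defence, here is an added example (not code from the original write-up) that ports addslashes() to Python and checks, for a given connection charset, whether a bare quote survives. It assumes a GBK connection charset and uses the 0xBF lead byte from the payload above; the decoded payload bytes 0xBF 0x5C 0x27 are exactly what addslashes() produces from 0xBF 0x27, and under GBK the first two bytes form one character, leaving the quote unescaped.

```python
# Added example, not from the original write-up: why escaping-based
# defences like PHP's addslashes() depend on the connection charset.
# Under GBK, 0x5C ('\') is a valid trailing byte of a two-byte character,
# so the backslash addslashes() inserts before a quote can be swallowed
# into the preceding character and the quote reaches SQL unescaped.
# Assumption: a GBK connection charset and the 0xBF lead byte used in
# the post's payload; the inputs below are constructed for the demo.

def addslashes(data: bytes) -> bytes:
    """Byte-level port of PHP addslashes(): backslash before ' " \\ and NUL."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C, 0x00):
            out.append(0x5C)
        out.append(b)
    return bytes(out)

def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Decode the escaped bytes as the database would under `charset` and
    count single quotes that are NOT protected by a preceding backslash,
    i.e. quotes the SQL parser will treat as string delimiters."""
    text = escaped.decode(charset, errors="replace")
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":      # backslash escapes the next character
            i += 2
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count

def escaping_is_safe(raw: bytes, charset: str) -> bool:
    """True when addslashes() leaves no bare quote under this charset."""
    return unescaped_quotes(addslashes(raw), charset) == 0

if __name__ == "__main__":
    # Constructed inputs: a plain quote, and the 0xBF lead byte + quote.
    for raw in (b"' or 1=1 -- -", b"\xbf' or 1=1 -- -"):
        for cs in ("utf-8", "gbk"):
            print(raw, cs, "safe" if escaping_is_safe(raw, cs) else "BYPASSED")
    # Remediation: use prepared statements so user input never becomes
    # SQL text; if you must escape, use mysqli_real_escape_string() after
    # mysqli_set_charset() so escaping and decoding agree on the charset.
```

The second input reports "safe" under UTF-8 but "BYPASSED" under GBK, which is the whole reason the escaping function cannot be trusted on its own.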

Image of Web500_payload

Now that I've found the right payload, I can just hand it to my Python SQLi script and grep the flag 🙂
NOTE: For some months now I've been writing a Python SQLi script that does all the job for me most of the time in CTFs. Unfortunately, it is not public for the moment 🙂

So let's launch my exploit and enjoy 🙂

Image of Web500_exploit1

Image of Web500_exploit2

Flag: Y0u_@r3_Aw3s0me_As@7b3

Have fun folks 😉
