CSCAMP | Web500 – Asa7beForums [WRITE UP]

This was the last chall and it was intended to be the hardest one in the web categ 🙂
But you will notice that it was in fact an easy chall…
The only difficulty, if I can call it like that, was just to find the right payload and indeed bypass the WAF!

Image of Web500_index

After a quick tour of the app I decided to register an account …

Image of Web500_register

… and then log in. Once logged in, I noticed there was a new feature, the search form

Image of Web500_search

Then I began fuzzing it manually…
After some tries, some of my payloads got detected

Image of Web500_hackdetected
I decided to go further and send %25bf%255c' or 1 -- -

This payload is intended to bypass addslashes! (If you're using addslashes in your application, you should change it :D!)
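To make the mechanism behind that payload concrete, here is an added example (not the author's script and not code from the challenge). It assumes the standard explanation of this trick: after the two layers of URL decoding the input starts with the bytes 0xBF 0x5C, and under a multibyte connection charset such as GBK those two bytes form one character, so a backslash sitting (or inserted by addslashes) between 0xBF and the quote no longer escapes anything. The model of addslashes, the charset names and the sqlite3 table are constructed for the demonstration; the defensive half shows that parameter binding makes the question moot.

```python
"""Why addslashes() is not a safe SQL escaper under a multibyte charset,
and why parameter binding sidesteps the problem.

Constructed demonstration for this write-up; not the author's tool."""
import sqlite3
import urllib.parse


def php_addslashes(data: bytes) -> bytes:
    """Byte-level model of PHP's addslashes(): a backslash is put in front
    of every single quote, double quote, backslash and NUL byte."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C, 0x00):
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def double_url_decode(payload: str) -> bytes:
    """The write-up's payload is URL-encoded twice (%25 -> %), so two
    decoding passes are needed to get the raw bytes the application sees."""
    once = urllib.parse.unquote_to_bytes(payload)
    return urllib.parse.unquote_to_bytes(once)


def has_bare_quote(escaped: bytes, charset: str) -> bool:
    """Decode the bytes the way a database using `charset` would and report
    whether a single quote survives without a backslash character before it.
    Under GBK, 0xBF 0x5C decodes to one character, swallowing the backslash."""
    text = escaped.decode(charset, errors="replace")
    for i, ch in enumerate(text):
        if ch == "'" and (i == 0 or text[i - 1] != "\\"):
            return True
    return False


def addslashes_bypassed(charset: str) -> bool:
    """Classic case: the input is 0xBF followed by a quote. addslashes inserts
    0x5C between them; whether that helps depends entirely on the charset."""
    user_input = b"\xbf'" + b" or 1 -- -"          # constructed input
    return has_bare_quote(php_addslashes(user_input), charset)


def lookup_with_binding(username: bytes) -> list:
    """Defensive version: with a bound parameter the quote is data, never
    SQL, whatever bytes or charset are involved. Uses an in-memory sqlite3
    table constructed for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name BLOB)")
    conn.execute("INSERT INTO users VALUES (?)", (b"alice",))
    rows = conn.execute(
        "SELECT name FROM users WHERE name = ?", (username,)
    ).fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    raw = double_url_decode("%25bf%255c' or 1 -- -")
    print("decoded payload bytes:", raw)
    for cs in ("gbk", "latin-1"):
        print(f"{cs:8} addslashes bypassed? {addslashes_bypassed(cs)}")
    print("bound lookup with payload:", lookup_with_binding(raw))
    print("bound lookup with alice:  ", lookup_with_binding(b"alice"))
```

Running it shows the bypass succeeding under gbk and failing under latin-1, which is the whole point: addslashes works on bytes without knowing the connection charset, while a bound parameter never reaches the SQL parser as syntax at all.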

Image of Web500_payload

Now that I've found the right payload, I can just feed it to my Python SQLi script and grep the flag 🙂
NOTE: For some months I've been writing a Python SQLi script that does all the job for me, most of the time in CTFs. But unfortunately, it is not public for the moment 🙂

So let's launch my exploit and enjoy 🙂

Image of Web500_exploit1

Image of Web500_exploit2

Flag: Y0u_@r3_Aw3s0me_As@7b3

Have fun folks 😉
