ASCWG

ASCWG 2020 Web Challenge G(old)

​Cyber WarGames 2020OverviewTogether with my friendMohamed Midowe have been able to solve this challengeChallange Desciption:Difficulty: EasyPoints: 300 pointCategory: WebChallange Link: 10.0.0.5 on LAN Network it is not Available Onlinevulnerability :SSI​Stepsunderstanding the web appGo to 10.0.0.5you will get this login FormAfter making some routing search on this page like: show source Code, Request, resopsne and Cookies i didn’t find any thing can catche my attention.so,first thing I tried deafault credentials like admin:admin​​

  • you will get welcome message with the value of $_POST[‘name’]

  • i didn’t gey Anything useful

  • Notice red rectangle around file Name and extension .shtml

  • return to Login Form

  • try Login using anything you will login i will try login with yasser:yasser or xss payload will work but not return with flag or any thing

  • you will notice that file name was change again

  • and still with shtml extension

What is shtml ?

  • open first link and read it

  • so it may be SSI Server Side Injection

  • you can using any scanner like burp scanner To be sure

  • So i will seearch about SSI payloads

Exploit SSI to get the Flag

  • Fire Burp Suite and injecti payload , What Happend?

  • Click Follow Redirection

  • Bing0o0o0o0o we got flag file

  • let’s try to display this file to get the flag

  • https://i.ibb.co/Bw3TvB8/redirect-2.png

  • Click Follow Redirection Again

  • Bingo0o0o0o we Got The Flag

Quick links

Kourama

Penetesting, Bug Bounty, CTF player.

PreviousCTFNextWriteups

Last updated