Challenge Link : https://ctf.hacker101.com/ctf
Flag0
Let us look at the challenge Micro-CMS v1
it is an easy challenge and we want to find 4 flags
So let's dive in
on the entry page there are 2 pages named testing and markdown
and we can also create a new page.
So let's go to the first page named testing
nothing special here.
let's check out Markdown test
nothing special here.
let's try creating a new page
let's name the page
let's write any content
BUT!!
When we look at the url
the first page is numbered 1
next page is numbered 2
but when we open the next page we can see that it is numbered 6
so let us try to access the 3,4,5 pages
when we try to access them we can see that
the 3rd page is reported as not found on the server
similar story on the 5th page but when we try to access the 4th page we get a different response
it says that the 4th page is forbidden, which means it is present on the server
so the fourth page may contain a flag.
now we have to figure out a way to access the 4th page.
we can see that every page has a button for editing the page
when we click on the edit button
the url of the edit page has an "edit" tag in the url
so by adding an edit in the url we can edit any page
since we want to access the 4th page let's try to edit the 4th page by adding an edit to the url
YES we can edit the fourth page and here is the flag..
Flag1
For this one the hint was like
- Make sure you tamper with every input
- Have you tested for the usual culprits? XSS, SQL injection, path injection
so I tested the usual things such as XSS and SQL injection. When I was playing with the edit URL
I found out that it was expecting a number at the
so I tried to break the query by simply putting a ' in place of a number
the page that loaded contained the flag.
Flag2
for this one the hint was like
- Sometimes a given input will affect more than one page
- The bug you are looking for doesn't exist in the most obvious place this input is shown
from it we can understand that the flag has something to do with input
so as a first step I looked for XSS
the first page where we can enter user input was the create a new page form
I tried to inject an alert() function into the page but the alert doesn't pop up
when we look at the source we can see that the script tag has been replaced by
tag that means it was checking for XSS (Cross-Site Scripting).
but when we go back home suddenly an alert pops up revealing the flag.
I didn't fully understand how this happened
But my assumption is that the content of the pages get loaded when we go back to the home page
Flag3
For this one the hints were like
Script tags are great, but what other options do you have?
so it must be referring to other ways of injecting javascript into the page
one of the other ways of injecting javascript into your page is by using button elements
I noticed that only tags get replaced so I created a button in the description of a page
and on the "onclick" attribute (onclick is an HTML attribute in which we can pass some javascript code which gets executed when the button is clicked)
I tried to pop an alert.. it did pop an alert but the flag was not found..
but then I added a flag property to the Button element and kept it empty and
I saved the page
BUT!! when I looked at the source of the page the content of the flag property was not empty
it was replaced with the flag
This shows us the amazing advantages of values that already exist but lack the correct placeholder to contain them.
Even though it was an easy CTF I learned a lot from this..
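Added example, not part of the original write-up or the challenge's code: a Python model of the behaviour seen in Flag2 and Flag3. The denylist filter, the unfiltered title list on the home page, the `blocked` placeholder tag and all function names and sample strings are assumptions made for illustration. It shows why renaming one tag leaves a second output point and event-handler attributes live, while escaping at every output point does not.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample input: a script tag as title, a button with onclick as body.
TITLE = "<script>alert(1)</script>"
BODY = '<button onclick="alert(1)">click</button>'

def scrub_script_tags(text):
    # Assumed denylist filter: only the script tag is renamed to a placeholder.
    return re.sub(r"(?i)<(/?)script\b", r"<\1blocked", text)

def render_page_weak(title, body):
    return f"<h1>{scrub_script_tags(title)}</h1><div>{scrub_script_tags(body)}</div>"

def render_index_weak(titles):
    # Assumed second sink: the home page lists titles without any filtering.
    return "<ul>" + "".join(f"<li>{t}</li>" for t in titles) + "</ul>"

def render_page_safe(title, body):
    # Output encoding: user input is emitted as text, never as markup.
    return f"<h1>{html.escape(title)}</h1><div>{html.escape(body)}</div>"

def render_index_safe(titles):
    return "<ul>" + "".join(f"<li>{html.escape(t)}</li>" for t in titles) + "</ul>"

class ActiveMarkupFinder(HTMLParser):
    """Collects script elements and on* event-handler attributes."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script>")
        self.findings += [f"{tag}[{name}]" for name, _ in attrs if name.startswith("on")]

def active_markup(rendered):
    finder = ActiveMarkupFinder()
    finder.feed(rendered)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for render in (render_page_weak, render_page_safe):
        print(render.__name__, active_markup(render(TITLE, BODY)))
    for render in (render_index_weak, render_index_safe):
        print(render.__name__, active_markup(render([TITLE])))
```

If pages have to keep HTML produced from Markdown, an allowlist sanitizer applied to the rendered output takes the place of plain escaping.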
Top comments (2)
I really liked the flag3 very detailed one thank you.
Thank You😊