Challenge Link : https://ctf.hacker101.com/ctf
let us look at the challenge Micro-CMS v1
it is an easy challenge and we want to find 4 Flags
So let's dive in
on the entry page there are 2 pages named testing and markdown
and we can also create a new page.
So let's go to the first page named testing
nothing special here.
let's check out Markdown test
nothing special here.
let's try creating a new page
let's name the page
let's write any content
When we look at the url
the first page is numbered 1
next page is numbered 2
but when we open the next page we can see that it is numbered 6
so let us try to access pages 3, 4 and 5
when we access the 3rd page it says that it is not found on the server
similar story on the 5th page, but when we try to access the 4th page we get a different response
it says that the 4th page is forbidden, which means it is present on the server
so the fourth page may contain a flag.
now we have to figure out a way to access the 4th page.
we can see that every page has a button for editing the page
when we click on the edit button
the URL of the edit page has an "edit" tag in it
so by adding an edit in the URL we can edit any page
since we want to access the 4th page, let's try to edit it by adding an edit to the URL
YES we can edit the fourth page and here is the flag.
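The gap behind this flag, as an added example (not the challenge's source code): the view route checks whether a page is private, the edit route does not, and the 403/404 difference tells a visitor which ids exist. The page store, the "admin" user and all function names are assumptions made for illustration.

```python
# Constructed sample data: page 4 is private, pages 3 and 5 do not exist.
PAGES = {
    1: {"title": "Testing", "body": "...", "private": False},
    2: {"title": "Markdown Test", "body": "...", "private": False},
    4: {"title": "Private Page", "body": "secret", "private": True},
}

def view_page(page_id, user=None):
    """View route as observed above: 404 when missing, 403 when private."""
    page = PAGES.get(page_id)
    if page is None:
        return 404, "Not Found"
    if page["private"] and user != "admin":  # "admin" is a hypothetical role
        return 403, "Forbidden"
    return 200, page["body"]

def edit_page_vulnerable(page_id, user=None):
    """Edit route that forgets the check the view route makes."""
    page = PAGES.get(page_id)
    if page is None:
        return 404, "Not Found"
    return 200, page["body"]  # private body is pre-filled into the edit form

def load_authorized(page_id, user):
    """One lookup shared by every route; None unless access is allowed.
    Missing and forbidden pages look identical, so ids cannot be enumerated."""
    page = PAGES.get(page_id)
    if page is None or (page["private"] and user != "admin"):
        return None
    return page

def view_page_fixed(page_id, user=None):
    page = load_authorized(page_id, user)
    return (200, page["body"]) if page else (404, "Not Found")

def edit_page_fixed(page_id, user=None):
    page = load_authorized(page_id, user)
    return (200, page["body"]) if page else (404, "Not Found")

if __name__ == "__main__":
    # Compare the three behaviours for the ids probed in the write-up.
    for pid in (3, 4, 5):
        print(pid, view_page(pid), edit_page_vulnerable(pid), edit_page_fixed(pid))
```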
For this one the hint was like
- Make sure you tamper with every input
- Have you tested for the usual culprits? XSS, SQL injection, path injection
so I tested the usual things such as XSS and SQL injection. When I was playing with the edit URL
I found out that it was expecting a number at the
so I tried to break the query by simply putting a ' in place of a number
the page that loaded contained the flag.
for this one the hint was like
- Sometimes a given input will affect more than one page
- The bug you are looking for doesn't exist in the most obvious place this input is shown
from it we can understand that the flag has something to do with input
so as a first step I looked for XSS
the first page where we can enter user input was the create a new page form
I tried to inject an alert() function into the page but the alert doesn't pop up
when we look at the source we can see that the script tag has been replaced by
tag, which means it was checking for XSS (Cross-Site Scripting).
but when we go back home suddenly an alert pops up revealing the flag.
I didn't fully understand how this happened
But my assumption is that the content of the pages gets loaded when we go back to the home page
For this one the hints were like
- Script tags are great, but what other options do you have?