Showing posts from October, 2019

From Multiple IDORs leading to Code Execution on a different Host Container

Here is a short write-up on an interesting bug that I found while testing a site. There won't be many screenshots of the bug, as I can't disclose any details about the target.

Let's talk about the target now. The site is somewhat similar to any web hosting platform, except that instead of providing a domain name and hosting web services like WordPress or Joomla, it lets us host services such as WordPress or Joomla and point them to our own domain. The backend uses Docker as a medium to host the service, which means that when we create a new service, a Docker container is created and the service is isolated within that container.



This is what I think of how the backend system creates a new service. So where is the vulnerability then? In that platform, I was able to find multiple IDORs, such as stopping or starting any user's hosted service and enabling and disabling security features. But what made the application vulnerable to IDOR or access control issues? The site uses a cookie cal…

COCON XII DOME CTF Walkthrough

This is the walkthrough for the challenges that were provided as part of COCON's DomeCTF.

Before we start reading, can we just admire the badge that was given as a part of DOME CTF?


In this challenge, we were given a message.txt file that contained a long base64 string. When decoded, it gives a string that is either reversed or encrypted with rot13. By recursively decoding this message, the flag is displayed at the end.
domectf{T5EN7Uxp7KjluznduX8tmXlhc5lX0qHH}
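The layered decoding described above, as an added example that is not the author's solver. It assumes nothing marks which transform a layer used, so it tries each inverse and backtracks; the names `peel`, `wrap`, `b64_text` and the sample flag are constructed for illustration.

```python
import base64
import codecs

FLAG_PREFIX = "domectf{"  # flag format shown in the write-up
MAX_DEPTH = 64            # assumed bound so malformed input terminates

# Assumption: nothing marks which transform a layer used, so try each inverse.
UNDO = {
    "plain": lambda s: s,
    "reverse": lambda s: s[::-1],
    "rot13": lambda s: codecs.decode(s, "rot13"),
}

def b64_text(s):
    """Strictly base64-decode s; return printable ASCII text, else None."""
    try:
        text = base64.b64decode(s, validate=True).decode("ascii")
    except ValueError:  # binascii.Error and UnicodeDecodeError both subclass it
        return None
    return text if text and text.isprintable() else None

def peel(blob, depth=0, trail=()):
    """Depth-first search through the layers; returns (flag, trail) or None."""
    blob = blob.strip()
    for name, undo in UNDO.items():
        candidate = undo(blob)
        if candidate.startswith(FLAG_PREFIX) and candidate.endswith("}"):
            return candidate, trail + (name,)
        inner = b64_text(candidate) if depth < MAX_DEPTH else None
        if inner is not None:
            found = peel(inner, depth + 1, trail + (name, "b64"))
            if found:
                return found  # otherwise backtrack and try the next inverse
    return None

def wrap(flag, steps):
    """Build a constructed sample: transform, then base64-encode, per step."""
    data = flag
    for step in steps:
        if step == "reverse":
            data = data[::-1]
        elif step == "rot13":
            data = codecs.encode(data, "rot13")
        data = base64.b64encode(data.encode()).decode()
    return data

if __name__ == "__main__":
    sample = wrap("domectf{constructed_sample_flag}", ["rot13", "reverse", "reverse", "rot13"])
    print(peel(sample))
```

The returned trail records which inverse was applied at each layer, which is useful for checking the result by hand.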
In this challenge, the description says to read the rules page that was given at the time of registration. On that page, there was a QR code which, when scanned, spits out a link to a gist snippet:
https://gist.githubusercontent.com/anees264/90af6d6e6b80c65b18a15e7c0dd769bd/raw/eb0bdcbf19368d9dc4ed66450816ca4314e88dd4/the_rules.txt
When visited, it gives out a strange text:

'CB;_9>7<;43Wxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCB^]\[ZYXW VUTMqQPON0Fj-IHG@d'&%$#"!~}|{zyxwvutsrqponm…