CSAW CTF 2015 - Web 600 Writeup

This one was surprisingly easy if you knew where to look.

For this challenge, we were presented with a hint that indicated there was a vulnerability in the code used to run the CSAW CTF. I remember seeing a while back that the platform was open-sourced.

When looking for bugs in open-source projects, both Issues and Commits are good places to start out. In this case, we see a commit recently made with the message “Fix authentication for certain admin actions”

The /admin/chal/new function would be pretty dangerous since it might allow us to upload a file. Let’s see what happens if we make a POST to that endpoint:

jordan@temp:~$ curl https://ctf.isis.poly.edu/admin/chal/new -XPOST
flag{at_least_it_isnt_php}

Easy enough.

Jordan (@jw_sec)

Jordan Wright

Security Researcher, Programmer, Time's 2006 Person of the Year

San Antonio, Texas