niedziela, 21 września 2014

CSAW CTF Web300 writeup

In this post I want to show my solution for CSAW CTF - Web300. This is the service, where we are able to post some links, that are parsed by bot, and looks like this:

There are two important things about this task. First of all, we can notice that page using jquery 1.6.1 (which prone to XSS - CVE-2011-4969) - and serving this kind of code:

The other thing is that bot is based on PhantomJS, so there's a chance, that it interprete javascript on page just like normal browser. ;)

My first shot after connecting those two facts was to exploit XSS on bot, and steal the cookies. It was correct and gave me a flag - these_browser_bots_are_annoying :-)

Pretty simple. doesn't it? :)

3 komentarze: