전체 글
WEB & System HackerDirectory Traversal via ".tar" file
1. Concept Directory Traversal via .tar file CVE-2007-4559 Bypass Patch code and advanced exploit 2. Exploit Principle before code was patched The vulnerability occurs when extracting files with the ".tar" extension via the extract, extractall functions of the tarfile Python library. When a file is saved, the filename is saved using the path and the tar filename. e.g) path: ~/Desktop/ | filename..
damCTF 2024 Web Writeup
My team was too good for me to help, but here's a writeup I did on my own for studying purposes. Flower Power # app.py ... @dataclass class Flower: name: str flower_url: str description: str id: str = "-1" database: dict[str, Flower] = dict() def add_flower(flower: Flower): flower.id = generate_id() database[flower.id] = flower return flower add_flower(Flower( "Rose", "https://i0.wp.com/pikespea..
HackfestCTF 2024 Web writeup
[ University ] We need to access to environment variable. @app.route('/', methods=['GET', 'POST']) def login(): if request.method == 'POST': username = request.form['username'] password = request.form['password'] try: response = requests.get(f"http://localhost:5000/api/users/{username}/auth") response.raise_for_status() conn = connect_db() cursor = conn.cursor() cursor.execute('SELECT * FROM use..
Apache OFBIZ Vulnerability (CVE-2023-49070)
1. What is "EPR(Enterprise Resource Planning) System"? A system designed to help different departments within a company communicate with each other efficiently. User can manage accounting, supply chain, project etc.. 2. What is "Apache OFBIZ(Open For Business)"? EPR system based on Java language, created by Apache company Platforms utilized to manage and automate the various tasks performed by d..