The challenge provides server js code. It uses nodejs.
if (typeof content === 'string' && content.indexOf('FLAG') != -1 || typeof content === 'string' && content.length > 200) {
res.end('Request blocked');
return;
}It use hbs as template engine. If I submit the syntax {{apple}}, it returns 'mint'.
With similar step, I we can submit the syntax {{FLAG}}, it will return the flag.
But the middleware of express engine filter the "FLAG" keyword with string type.
Then we can submit with array type.
With burp suite, use paramter key content[] instead of contet.
With chrome dev tools, replace the name content to content[]
In addition, this solution is unintended solution.
'해킹 & 보안 > CTF Write-ups' 카테고리의 다른 글
| [HSCTF 2020] Algorithm- Alien, Web - Broken Token write-up (0) | 2020.06.09 |
|---|---|
| [Defenit CTF 2020] Misc - Puzzle write-up (0) | 2020.06.09 |
| [Defcon ctf qual 2019] shitorrent write-up (0) | 2020.03.29 |
| [2020-angstromCTF] web - A peculiar query write-up (0) | 2020.03.19 |
| [Trust CTF 2020] 127% Machine / ezrc / grade program write-ups (0) | 2020.02.28 |