Question:
Service : https://replace-with-grace.ctf.internetwache.org/
Solution :
The webpage had 3 parameters : search,replace and content
An example would be :
search : /cow/
replace : cat
content : cows are cute
output : cats are cute.
As the webpage uses php, I googled for php search and replace regex
Now I was clear that it uses preg_replace function. Searching for flaws in preg_replace I found that it is prone to command execution using the modifier "e"
This website explains it better : https://bitquark.co.uk/blog/2013/07/23/the_unexpected_dangers_of_preg_replace
Time for practicals
and there we have what we want. Isn't it ?
FLAG : IW{R3Pl4c3_N0t_S4F3}
Service : https://replace-with-grace.ctf.internetwache.org/
Solution :
The webpage had 3 parameters : search,replace and content
An example would be :
search : /cow/
replace : cat
content : cows are cute
output : cats are cute.
As the webpage uses php, I googled for php search and replace regex
Now I was clear that it uses preg_replace function. Searching for flaws in preg_replace I found that it is prone to command execution using the modifier "e"
This website explains it better : https://bitquark.co.uk/blog/2013/07/23/the_unexpected_dangers_of_preg_replace
Time for practicals
and there we have what we want. Isn't it ?
FLAG : IW{R3Pl4c3_N0t_S4F3}
No comments:
Post a Comment
enter valid comments.Suggestions are most welcome and would be interested in correcting my mistakes.