Encoder: Difference between revisions
Created page with "===Description=== This web application allows you to use coding utility to encode and decode base64 100pts ===Question=== Investigate the application, exploit the vulnerability and read the flag from /var/backup/secret.txt ===Solution=== First, I ran a vulnerability scan on the website with the ZAP tool. Unfortunately, nothing was found. Next I tried to enter all kind of commands to both decoder and encoder sides. I realized that especiality I got errors from decoding..." |
(No difference)
|
Revision as of 13:58, 13 October 2022
Description
This web application allows you to use coding utility to encode and decode base64
100pts
Question
Investigate the application, exploit the vulnerability and read the flag from /var/backup/secret.txt
Solution
First, I ran a vulnerability scan on the website with the ZAP tool. Unfortunately, nothing was found.
Next I tried to enter all kind of commands to both decoder and encoder sides. I realized that especiality I got errors from decoding side when I was entering commands like include, ls, &&.
I entered similar commands on the encoding side and tried the following command && cat /var/backup/secret.txt
This web page returned a long base64 string that looked nothing like the previous ones. I decoded that string twice and got the task flag for myself.
Tools
- base64
Flag
efa58858-a4d0-43ce-ab8d-44ed5b5aaa1b
