User audit: Difference between revisions

Junior system administrator has a recurring task to do regular audit on users and administrators present on the server.

He has created a web application to help him with the task.

50pts

Use the weakness in the web application to read a secret file at /var/backup/secret.txt

When I opened the web page, I noticed that the links open txt files on the web page and the parameters are sent with the GET command. This is shown in the browser address bar.

I immediately set off to see how the program would work if I used the ../ command to navigate the folder. After testing for a while, I found that with the right formatting of the address parameter we can also open files outside the www folder from the server.

So I opened the secret.txt file by adding ../../../backup/secret.txt to the address field

This also gave me the ticket.

• Firefox / Browser

ctftech{file-included}

• Back to CTF Challenges page