I write to better educate myself as I go through CTFs and Bug Bounties. If anything I have written is incorrect, please let me know and send me a link to an article to read to better educate myself.
Location
Seattle
Education
Information Technology BA and Software Engineering Bootcamp Grad
Hi,
So, I used the hint for this one. As far as I can tell there is no specific way to really determine if the site is using the uwsgi-nginx-flask-docker image or any other software stack but you can determine that it is using nginix/1.14.0 (Ubuntu) when you navigate to a page that isnt there like "35.190.155.168/a65bf28b4a.html".
From here it's a good guess that it's probably going to need a SQL UNION command of some kind (The UNION is also in the hints). I took a guess with a UNION statement of 4 UNION SELECT 'uwsgi.ini'-- based on looking up the hint "uwsgi-nginx-flask-docker image". This lead me to the "main.py" because flask uses python.
Hi,
So, I used the hint for this one. As far as I can tell there is no specific way to really determine if the site is using the uwsgi-nginx-flask-docker image or any other software stack but you can determine that it is using nginix/1.14.0 (Ubuntu) when you navigate to a page that isnt there like "35.190.155.168/a65bf28b4a.html".
From here it's a good guess that it's probably going to need a SQL UNION command of some kind (The UNION is also in the hints). I took a guess with a UNION statement of
4 UNION SELECT 'uwsgi.ini'--based on looking up the hint "uwsgi-nginx-flask-docker image". This lead me to the "main.py" because flask uses python.thanks for your explanation, waiting for more posts from you about hacking !!