DEV Community

Esther mueni
Esther mueni

Posted on • Edited on

Hacker101 CTF-Micro-CMS v1

  • Difficulty: Easy
  • Skills: Web

Flag0

I created a new page and realized the indexing was weird. The 'test' and 'markdown' page already created is indexed as page 1 and 2 respectively. However, when a new page is created, it is indexed as 10.
This means that page 3 and 9 are missing or hidden. So by editing the page number on the website address, I tried opening pages 3 to 9. All the pages showed 404 except page 6 which displayed a forbidden message.

Looking at how other pages are edited, I noticed a pattern in using their index. So applying a similar concept and opened page 6 in editing mode, getting the flag.

Flag1

The hint in the flag suggested trying out the normal culprits; XSS, SQL injection, path injection. So I went with XSS, adding a script tag in all inputs. I was using < script>intruder()< /script > and pasting it in all the inputs.

I tried creating a new page and for the page title, I input this script tag. When I saved the page, the flag popped up in an alert box.

Flag2

For this flag, I injected an alert code in the button on Markdown test page. On clicking the button, I got the flag from the inspect page.

Flag3

For this flag, I considered SQl injection to examine it. The hint indicates that one needs to try other options lest script tags. In the pages, I added an apostrophe (') at the end of the url and finally got the flag from the edit page.

Heroku

This site is built on Heroku

Join the ranks of developers at Salesforce, Airbase, DEV, and more who deploy their mission critical applications on Heroku. Sign up today and launch your first app!

Get Started

Top comments (1)

Collapse
 
nixx0328 profile image
Nixx0328

能讲一下FLAG1时所说的“flag提示”是什么意思吗?

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs