Description: We have our online shop of computer related accessories. So for easy customer interaction we have made a stock bot which will give you how many units of enlisted products are available
When we open the webpage, we would get a chat-bot
So some chats with the chat-bot
Here, we see that nothing happened. So analyzing the request sent to get the response of the message
Here, we can see a product parameter (GET request) with value “Hi”, which I sent. In the response, we can see file_get_contents, which is the function of PHP, and it is requesting the file “Hi”, so trying for “/etc/passwd”,
And we got it. So I also tried for “flag.txt”, but nothing happend. So the next thing is to read the source code, so in a fail response, we also get the filename.
So getting the source code with setting the value of product to “check.php”. And we finally got the source code (the below is beautified view)
Here we can see something interesting in line 4, so sending “Flag” to the bot,
And we finally got the flag.
- You can get the source code as well with LFI (although you can get RCE too).
- Here, you could also fuzz the “product” parameter.
Get more VishwaCTF-22 Writeups here