VishwaCTF-22 => “Stock Bot” (Web)

Challenge Info

Description: We have our online shop of computer-related accessories. So, for easy customer interaction, we have made a stock bot which will tell you how many units of the listed products are available.

URL: https://st0ck-b0t.vishwactf.com/


Solution

When we open the webpage, we get a chat-bot:

So, some chats with the chat-bot:

Here we see that nothing happened, so let's analyze the request that is sent to fetch the bot's response to the message:

Here, we can see a product parameter (GET request) with the value “Hi”, which I sent. In the response, we can see file_get_contents, which is a PHP function, and it is trying to read the file “Hi”, so let's try “/etc/passwd”:

And we got it. So I also tried “flag.txt”, but nothing happened. So the next thing is to read the source code; conveniently, the failure response also gives us the filename of the script.

So we get the source code by setting the value of product to “check.php”, and we finally have it (below is the beautified view):

Here we can see something interesting on line 4, so we send “Flag” to the bot:

And we finally got the flag.
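A defender-side counterpart to the request analysis above, added here as an example that is not part of the original writeup: it scans constructed access-log lines for the probing pattern described (absolute paths, traversal sequences and script names in the product parameter) and flags any value outside a product allowlist. The allowlist, the /bot endpoint path and the log lines are assumptions, not values from the challenge.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed allowlist: the only values a stock lookup should ever accept.
KNOWN_PRODUCTS = {"keyboard", "mouse", "monitor", "headset"}

# Common Log Format: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def check_product_value(value: str) -> list:
    """Return the reasons a 'product' value looks like LFI probing; [] means clean."""
    decoded = unquote(unquote(value))  # also unwrap double URL-encoding
    reasons = []
    if ".." in decoded or decoded.startswith("/") or "\\" in decoded:
        reasons.append("path traversal or absolute path")
    if re.search(r"\.(php|inc|txt|ini|log)$", decoded, re.IGNORECASE):
        reasons.append("source or config file name")
    if "\x00" in decoded:
        reasons.append("null byte")
    if not reasons and decoded.lower() not in KNOWN_PRODUCTS:
        reasons.append("not an allowlisted product")  # low severity: unknown name
    return reasons


def scan_log(lines):
    """Yield (ip, product value, reasons) for each request with a suspicious product parameter."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip it
        query = parse_qs(urlsplit(m["path"]).query, keep_blank_values=True)
        for value in query.get("product", []):
            reasons = check_product_value(value)
            if reasons:
                yield m["ip"], value, reasons


# Constructed access-log lines; the endpoint path /bot is a placeholder.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Mar/2022:10:00:01 +0000] "GET /bot?product=keyboard HTTP/1.1" 200 64',
    '203.0.113.5 - - [20/Mar/2022:10:00:09 +0000] "GET /bot?product=Hi HTTP/1.1" 200 120',
    '203.0.113.5 - - [20/Mar/2022:10:00:31 +0000] "GET /bot?product=/etc/passwd HTTP/1.1" 200 2048',
    '203.0.113.5 - - [20/Mar/2022:10:00:45 +0000] "GET /bot?product=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2048',
    '203.0.113.5 - - [20/Mar/2022:10:01:02 +0000] "GET /bot?product=check.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value, reasons in scan_log(SAMPLE_LOG):
        print(f"{ip} product={value!r}: {', '.join(reasons)}")
```

The same check_product_value logic, used as an input validator in front of the lookup, is the fix: the handler should map an allowlisted product name to a stock figure and never hand user input to a file-reading function.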

Takeaways

  • You can get the source code as well with LFI (although you can get RCE too).
  • Here, you could also fuzz the “product” parameter.

Get more VishwaCTF-22 Writeups here
