HC's Capture the Flag website
25C3-CTF final results
List of advisories
| Team | Advisory | Status | Rating |
|---|---|---|---|
| WiiPhonies | BY: c1de0x service: vdspi severity: medium (details) | rejected | [0] too late |
| WiiPhonies | BY: John_K service: CGIBAS severity: high (details) | rejected | [0] too late |
| OpenTU | BY: anonymous coward service: goffer severity: low (details) | rejected | [0] too late |
| Ailuropoda Melanoleucas | BY: Samsa service: vdspi severity: medium (details) | rejected | [0] there is a much more practical and effective fix |
| h4ck!nb3rg | BY: churchy service: all? severity: low (details) | accepted | [2] yapp. It's serious |
| WiiPhonies | BY: John_K service: Team SquareRoots severity: high (details) | rejected | [0] no comment |
| squareroots | BY: manager service: ultrashare severity: medium (details) | rejected | [0] Not in the original version. Maybe another team modified this at your box. |
| Janet Reno Redemption Fund$ | BY: adc service: ultrashare severity: medium (details) | rejected | [0] Not enough information. Maybe dup. |
| 61xor42 | BY: hc service: teamimage severity: low (details) | accepted | [1] True, geta ya one point |
| WiiPhonies | BY: c1de0x service: CGIBAS severity: high (details) | rejected | [0] one score is nuff ... there were already too many scores given out for these bugs |
| nosec/!eof | BY: thorben service: ICANHASGOFERDEE severity: high (details) | rejected | [0] was already reported |
| Ailuropoda Melanoleucas | BY: Samsa service: tcpserver severity: medium (details) | rejected | [0] stralloc_append does bounds checking |
| WiiPhonies | BY: John_K service: ULTRASHARE severity: high (details) | accepted | [2] Yapp. |
| WiiPhonies | BY: c1de0x service: CGIBAS severity: high (details) | accepted | [1] nice :-)) |
| hohh | BY: EQ service: Goferdee severity: high (details) | rejected | [0] was already reported |
| KEVA | BY: slashd service: cashflag severity: low (details) | rejected | [0] That fix doesn't work, because it doesn't distinguish between real and faked flags |
| Janet Reno Redemption Fund$ | BY: anonymous coward service: advisory system severity: low (details) | rejected | [0] oh, and you think THIS advisory is not silly? |
| Stealth Assassin | BY: thaidn service: Goferdee severity: high (details) | accepted | [1] correct, but empty impact section |
| Stealth Assassin | BY: lamer service: gopherdee severity: high (details) | accepted | [1] nice fix |
| KEVA | BY: slashd service: Cashflags severity: low (details) | rejected | [0] Please clarify the 'impact'-section of your report |
| Ailuropoda Melanoleucas | BY: Samsa service: ultrashare severity: low (details) | rejected | [0] Yeah, but in my opinion this is fixed already by your previous fix (see #90) |
| Janet Reno Redemption Fund$ | BY: adc service: General severity: low (details) | rejected | [0] I think we told you to change it;) |
| squareroots | BY: manager service: CGIBAS severity: low (details) | accepted | [1] well done |
| hohh | BY: EQ service: Goferdee severity: high (details) | rejected | [0] Hmm, you mean you should fix the vulnerability? How? ;) |
| h4ck!nb3rg | BY: BfrOv3rfl0w service: cgibase severity: low (details) | rejected | [0] big news |
| SpaceBoyZ | BY: struppi service: VDspi severity: low (details) | rejected | [0] too late |
| Janet Reno Redemption Fund$ | BY: adc service: CONTEST severity: HIGH (details) | rejected | [0] Living may result in dying |
| h4ck!nb3rg | BY: churchy service: ultrashare severity: low (details) | accepted | [1] Just a small test script, but you're right. This is a bug. |
| mr. grinch | BY: anonymous coward service: ultrashare severity: medium (details) | rejected | [0] |
| Janet Reno Redemption Fund$ | BY: adc service: CGIBAS severity: low (details) | accepted | [1] ok |
| HeroeZ | BY: anonymous coward service: Goferdee severity: medium (details) | rejected | [0] Fix missing |
| HeroeZ | BY: anonymous coward service: Goferdee severity: low (details) | rejected | [0] Impact, fix missing;-( |
| Ailuropoda Melanoleucas | BY: Samsa service: ultrashare severity: medium (details) | accepted | [2] Yes. You're right. Sessions should be used more carefully. |
| WiiPhonies | BY: John_K service: CGIBAS severity: high (details) | accepted | [1] not exactly new (see adv sumthin from sq), but extent of bug is now realized |
| Janet Reno Redemption Fund$ | BY: anonymous coward service: Goferdee severity: high (details) | rejected | [0] Sorry, you were too late |
| Stealth Assassin | BY: thaidn service: UltraShare severity: medium (details) | rejected | [0] It's a dup! They proposed the same solution and addressed the same problem. The main problem lies in @db.deleteFile. The fix fixes the same thing. |
| Janet Reno Redemption Fund$ | BY: adc service: Cashflags severity: low (details) | rejected | [0] Not a problem of cashflags, can you propose an alternate protocol? |
| h4ck!nb3rg | BY: churchy service: ultrashare severity: low (details) | accepted | [2] That's nice. |
| Stealth Assassin | BY: thaidn service: UltraShare severity: medium (details) | rejected | [0] I cannot delete a user without admin rights in my version. |
| Stealth Assassin | BY: thaidn service: UltraShare severity: medium (details) | rejected | [0] Duplicate of #60 |
| Stealth Assassin | BY: thaidn service: ultrashare severity: medium (details) | rejected | [0] I doubt that. It's finally checked in deleteUser, isn't it? first line: if admin? ... If I'm wrong, plz repost adv |
| SpaceBoyZ | BY: struppi service: VDspi severity: low (details) | rejected | [0] too late |
| OpenTU | BY: anonymous coward service: goffer severity: medium (details) | accepted | [2] nice one :) |
| Stealth Assassin | BY: bluemood service: cgibas severity: medium (details) | rejected | [0] has been posted first time some hours ago |
| Stealth Assassin | BY: thaidn service: Ultrashare severity: high (details) | accepted | [2] Yes. I already forgot that I have introduced this bug. |
| squareroots | BY: manager service: ultrashare severity: low (details) | accepted | [1] ok. |
| squareroots | BY: manager service: VDspi severity: low (details) | rejected | [0] b0ring |
| squareroots | BY: manager service: CGIBAS severity: low (details) | rejected | [0] b0ring |
| squareroots | BY: manager service: goferdee severity: low (details) | rejected | [0] Admin problem |
| Janet Reno Redemption Fund$ | BY: adc service: cgibas severity: high (details) | rejected | [0] has been reported by squareroots a while ago |
| h4ck!nb3rg | BY: churchy service: ultrashare severity: low (details) | accepted | [2] you're right. XSS is a big issue in this service. |
| Stealth Assassin | BY: lamer service: ultrashare severity: high (details) | accepted | [2] You are right. |
| dameuse-pelteuse | BY: het service: VDS severity: high (details) | rejected | [0] Fix your service plz :P |
| WiiPhonies | BY: John_K service: VDSI severity: high (details) | accepted | [1] already reported, but point for the detailed fix :) |
| Diskin | BY: diskin service: CGIBAS severity: low (details) | rejected | [0] no more XSS for cgibas, please |
| squareroots | BY: manager service: CGIBAS severity: high (details) | accepted | [3] very nice |
| Ailuropoda Melanoleucas | BY: Samsa service: vdspi severity: low (details) | accepted | [1] ok. |
| Stealth Assassin | BY: bluemood service: cgibas severity: low (details) | accepted | [1] violates FCFS policy (single exception from rule), but still - I like it |
| h4ck!nb3rg | BY: churchy service: ultrashare severity: low (details) | accepted | [4] Cool. I was not aware of this bug |
| 61xor42 | BY: lwi service: cgibas severity: low (details) | rejected | [0] (1) no more XSS for cgibas, please (2) more elaborated fixes, plz |
| WiiPhonies | BY: c1de0x service: CGIBAS severity: medium (details) | rejected | [0] (1) no more XSS for cgibas, please (2) more elaborated fixes, plz |
| Ailuropoda Melanoleucas | BY: Samsa service: cgibas severity: medium (details) | accepted | [1] would have given more points for fix in BASIC. well, you didn't want to have them ;-P |
| h4ck!nb3rg | BY: churchy service: ultrashare severity: medium (details) | accepted | [3] This bug is new to me. |
| int80 | BY: scyclops service: vdspi severity: low (details) | accepted | [2] yup. |
| h4ck!nb3rg | BY: churchy service: ultrashare severity: low (details) | accepted | [2] Yes. This counts :-) |
| WiiPhonies | BY: Ge0rG service: vdspi severity: high (details) | accepted | [2] correct. |
| Ailuropoda Melanoleucas | BY: Samsa service: cgibas severity: medium (details) | rejected | [0] fix is not elaborated enough |
| nosec/!eof | BY: watz service: ultrashare severity: low (details) | rejected | [0] The original config.rb was correct. Maybe you change something... |
| Janet Reno Redemption Fund$ | BY: adc service: VDspi severity: medium (details) | accepted | [2] correct. |
| OpenTU | BY: anonymous coward service: goffer severity: high (details) | rejected | [0] Good, but this was already reported |
| gongbaojiding | BY: js service: vdspi severity: high (details) | rejected | [0] too late |
| gongbaojiding | BY: js service: 10.131.1.2 severity: high (details) | rejected | [0] Service "10.13.1.2" doesn't exist;) |
| Stealth Assassin | BY: thaidn service: vdspi severity: medium (details) | rejected | [0] doesn't really fix the issue |
| Stealth Assassin | BY: thaidn service: vdspi severity: medium (details) | rejected | [0] missing fix |
| WiiPhonies | BY: Ge0rG service: vdspi severity: low (details) | accepted | [1] yep. |
| WiiPhonies | BY: Ge0rG service: vdspi severity: high (details) | accepted | [2] yep. |
| gongbaojiding | BY: js service: ultrashare severity: medium (details) | accepted | [1] Yes! It's a SQL injection |
| WiiPhonies | BY: Ge0rG service: cgibas severity: low (details) | accepted | [3] wow - finally a nicely printed fix :-)) |
| Stealth Assassin | BY: lamer service: vdspi severity: medium (details) | rejected | [0] missing fix |
| Ailuropoda Melanoleucas | BY: Samsa service: cgibas severity: medium/high (details) | accepted | [2] y00 |
| h4ck!nb3rg | BY: churchy service: ultrashare severity: medium (details) | rejected | [0] It's not a SQL Injection. Fix isn't working |
| nosec/!eof | BY: watz service: cgibas severity: medium (details) | rejected | [0] boring |
| nosec/!eof | BY: Silicium service: cgibas severity: medium (details) | rejected | [0] too unspecific fix |
| OpenTU | BY: anonymous coward service: unknown/several severity: high (details) | rejected | [0] Sry. Neither it's a service nor a system related bug. (only those are counting) |
| KEVA | BY: slashd service: cgbas severity: medium (details) | rejected | [0] too late - see advisory 25 |
| WiiPhonies | BY: Ge0rG service: vdspi severity: low (details) | rejected | [0] proposed fix introduces a new bug - service could return unintended results |
| Stealth Assassin | BY: thaidn service: vdspi severity: high (details) | accepted | [2] yes. |
| WiiPhonies | BY: Ge0rG service: LeetWWW severity: low (details) | accepted | [1] Sorry about that; but you are right: 8080 is indeed the correct port |
| KEVA | BY: slashd service: cgibass severity: high (details) | rejected | [0] no precise problem and impact description |
| Stealth Assassin | BY: lamer service: gopherdee severity: high (details) | rejected | [0] Fix missing => Reject. |
| Stealth Assassin | BY: lamer service: vdspi severity: low (details) | rejected | [0] missing fix. you don't have to provide source code, the right concept is sufficient. |
| dameuse-pelteuse | BY: het service: vdspi severity: high (details) | accepted | [2] It's pretty hard to get all the automatic checks disabled, BTW. |
| Stealth Assassin | BY: lamer service: vdspi severity: low (details) | rejected | [0] missing fix, sorry. it's not that hard... |
| WiiPhonies | BY: Ge0rG service: vdspi severity: high (details) | accepted | [2] yup. |
| WiiPhonies | BY: Ge0rG service: vdspi severity: high (details) | accepted | [2] yup. |
| Stealth Assassin | BY: lamer service: cgibas severity: high (details) | accepted | [2] this fix is not really complete and will result in syntax error, but is sufficient for points |
| Ailuropoda Melanoleucas | BY: ailurotest service: ICANHASGOFERDEE severity: medium (details) | accepted | [2] ok. |
| Ailuropoda Melanoleucas | BY: Samsa service: cgibas severity: medium (details) | accepted | [1] japp |
| h4ck!nb3rg | BY: fid service: system severity: medium (details) | accepted | [1] ok. |
| squareroots | BY: manager service: CGIBAS severity: high (details) | rejected | [0] advisory 20 was faster, sorry |
| nosec/!eof | BY: thorben service: /etc/passwd severity: low (details) | accepted | [1] ok. |
| Ailuropoda Melanoleucas | BY: Samsa service: cgibas severity: high (details) | accepted | [3] very nice |
| Stealth Assassin | BY: lamer service: cgibas severity: medium (details) | accepted | [2] though problem description is wrong, fix will work |
| nosec/!eof | BY: cjay service: vdspi severity: medium (details) | accepted | [1] ok. |
| OpenTU | BY: anonymous coward service: CGIBASS severity: high (details) | rejected | [0] is not a problem of the service, but rather of the OS - we consider this not applicable for scores |
| Ailuropoda Melanoleucas | BY: Samsa service: cgibas severity: high (details) | rejected | [0] please specify fix in code or be more verbose |
| nosec/!eof | BY: thorben service: goffer severity: low (details) | rejected | [0] too late.. other team was faster |
| nosec/!eof | BY: thorben service: vdspi severity: low (details) | rejected | [0] too late.. other team was faster |
| KEVA | BY: slashd service: cgibas severity: high (details) | rejected | [0] fix should be code, or at least reasonable explicit |
| 61xor42 | BY: lwi service: lighttpd/web2.0 severity: low (details) | rejected | [0] no fix given |
| Ailuropoda Melanoleucas | BY: ailurotest service: ICANHASGOFERDEE severity: high (details) | rejected | [0] We need more details |
| KEVA | BY: slashd service: cgibas severity: medium (details) | rejected | [0] no fix given |
| KEVA | BY: slashd service: cgibas severity: medium (details) | rejected | [0] no fix given |
| h4ck!nb3rg | BY: fid service: VDspi severity: high (details) | rejected | [0] absence of user/pass authentication is by design |
| KEVA | BY: slashd service: cgibas severity: medium (details) | rejected | [0] no fix given |
| h4ck!nb3rg | BY: churchy service: ultrashare severity: high (details) | accepted | [1] Yes. you are right. |
| KEVA | BY: slashd service: cgibass severity: high (details) | rejected | [0] missing fix |
| Ailuropoda Melanoleucas | BY: ailurotest service: testing123 severity: low (details) | rejected | [0] Please stop reporting Test Adv. |
| Ailuropoda Melanoleucas | BY: ailurotest service: severity: low (details) | accepted | [1] Thx for testing |
| localhost | BY: hc service: noch ein advi severity: sory, high (details) | accepted | [1] asdf |
| localhost | BY: hc service: zweites severity: foo (details) | accepted | [5] cool |
| localhost | BY: hc service: foo severity: rl (details) | rejected | [0] asdf |