25C3-CTF
Advisory #104
From team Stealth Assassin
New advisory by : lamer
Affected service(s): gopherdee
Severity [lmh] : high
===== Problem =====
The FLAGSTORE command can be used to overwrite multiple scripts inside /service/ICANHASGOFERDEE, including shell scripts such as goferdee.sh, ls and run, because of wrong permissions on those files.
===== Impact =====
Scripts can be overwritten to execute commands as the gopher user, or even as root by overwriting the `run` script.
===== Fix =====
chown root:root goferdee.lol goferdee.sh ls run
Rating
[1] nice fix
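To confirm that the chown leaves nothing in the service directory replaceable by the service account, ownership and world-write bits can be audited for both files and directories. This is an added example, not part of the original advisory: the function name `audit_service_dir` and the demo directory are constructed, and the `gopher` account name is taken from the Impact section.

```shell
#!/bin/sh
# Added example (not from the advisory): list what a service account can
# still replace inside a service directory.
# On the box described above the call would be:
#   audit_service_dir /service/ICANHASGOFERDEE gopher
# Limits: group write bits and ACLs are not resolved against the user's groups.

audit_service_dir() {
    dir=$1
    svc_user=$2   # user name or numeric uid of the service account
    findings=$(
        {
            # Files the user owns (an owner can always chmod u+w back)
            # or that anyone may write.
            find "$dir" -type f \( -user "$svc_user" -o -perm -0002 \) -print |
                sed 's/^/file /'
            # Directories the user owns or anyone may write: unlink + recreate
            # replaces a root-owned script without opening it for writing.
            find "$dir" -type d \( -user "$svc_user" -o -perm -0002 \) -print |
                sed 's/^/dir /'
        } | sort
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1      # non-zero: something is still replaceable
}

# Constructed demo: a temp directory with the file names from the Fix line.
demo=$(mktemp -d)
for f in goferdee.lol goferdee.sh ls run; do : > "$demo/$f"; done
chmod 755 "$demo" "$demo"/*
echo "owned by the service account:"
audit_service_dir "$demo" "$(id -u)" || true
echo "owned by a different account (as after the chown):"
audit_service_dir "$demo" "$(( $(id -u) + 1 ))" && echo "  nothing replaceable"
rm -rf "$demo"
```

A `dir` finding matters even when every script is root-owned: write access to the directory is enough to swap `run` for a new file.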