HC's Capture the Flag website
25C3-CTF
Advisory #108
From team hohh
New advisory by: EQ
Affected service(s): Goferdee
Severity [lmh] : high
===== Problem =====
The flagstore part allows modification of the original execution.
===== Impact =====
remote code execution
===== Fix =====
New regexp: allow only [a-zA-Z0-9]* instead of .* and forbid the "ls", because without it, you can overwrite the executable.
Rating
[0] was already reported
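
An added example (not part of the advisory or of the Goferdee service code) comparing the permissive pattern with an alphanumeric whitelist that is checked against the whole string. The function names, the MAX_LEN bound and the sample inputs are assumptions made for illustration; it also shows that a class typed as A-z admits [ \ ] ^ _ and the backtick.

```python
import re

# Three candidate validators for a client-supplied name (hypothetical field).
PERMISSIVE = re.compile(r".*")              # the pattern the fix replaces
TYPO_CLASS = re.compile(r"[a-zA-z0-9]*")    # A-z also spans [ \ ] ^ _ `
STRICT = re.compile(r"[a-zA-Z0-9]+")        # intended whitelist, non-empty

# Tokens that must be rejected even though they are alphanumeric;
# "ls" is the one the advisory names.
FORBIDDEN = {"ls"}
MAX_LEN = 64  # assumed upper bound, not taken from the advisory


def accepts(pattern, value):
    """True only if the whole value matches. fullmatch is used instead of
    a trailing '$', which in Python also tolerates a final newline."""
    return pattern.fullmatch(value) is not None


def is_valid_name(value):
    """Whitelist check plus deny list, applied to the complete string."""
    if len(value) > MAX_LEN:
        return False
    if not accepts(STRICT, value):
        return False
    return value not in FORBIDDEN


def audit(samples):
    """Return {sample: (permissive, typo_class, hardened)} for comparison."""
    return {s: (accepts(PERMISSIVE, s), accepts(TYPO_CLASS, s), is_valid_name(s))
            for s in samples}


# Constructed sample inputs, not taken from contest traffic.
SAMPLES = ["flag42", "ls", "../binary", "a_b", "x^y", "flag42\n", ""]

if __name__ == "__main__":
    for sample, (loose, typo, hard) in audit(SAMPLES).items():
        print(f"{sample!r:14} permissive={loose} typo_class={typo} hardened={hard}")
```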