HC's Capture the Flag website
CTF Contests
25C3-CTF
25C3-CTF final results
Advisory #112
From team nosec/!eof
New advisory by : thorben
Affected service(s): ICANHASGOFERDEE
Severity [lmh] : high
===== Problem =====
goferdee lists contents of arbitrary files in datadir, if the reverse of their names is known
===== Impact =====
as flags are stored in files in the datadir, this is a pretty big issue
===== Fix =====
remove the line containing:
'VISIBLE loop_index N " "!'
Rating
[0] was already reported