25C3-CTF
Advisory #12
From team Ailuropoda Melanoleucas
New advisory by : ailurotest
Affected service(s): ICANHASGOFERDEE
Severity [lmh] : high
===== Problem =====
The service runs a daemon written in LOLCODE
that does not properly sanitize its input.
The FLAGSTORE command allows commands to be executed on the server.
===== Impact =====
Remote execution of shell commands
===== Fix =====
Sanitize input before performing cmd commands.
Rating
[0] We need more details