HC's Capture the Flag website
25C3-CTF
Advisory #45
From team WiiPhonies
New advisory by : Ge0rG
Affected service(s): cgibas
Severity [lmh] : low
===== Problem =====
The directory traversal mentioned in #14 and #27 also allows writing to the file system.
===== Impact =====
Writing to any file accessible by the daemon
===== Fix =====
The following code works without syntax errors:
1911 let idx=index$(gimme,"..")
1913 if idx <> 0 then goto 2000
1914 goto 3000
REM at the bottom of the file:
3000 rem foo
Rating
[3] wow - finally a nicely printed fix :-))
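
The fix above rejects any value containing "..". As an added example (not part of the advisory or of the cgibas service), here is the same check in Python, followed by a containment check on the resolved path, which is the usual second layer on the write side. The function names, base_dir and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile


def contains_dotdot(name: str) -> bool:
    """Same test as the BASIC fix: true if '..' occurs anywhere in the name."""
    return ".." in name


def resolve_inside(base_dir: str, name: str) -> str:
    """Return the absolute path of `name` under base_dir, or raise ValueError."""
    if not name or "\x00" in name:
        raise ValueError("empty name or NUL byte")
    if contains_dotdot(name):
        raise ValueError("'..' in file name")
    base = os.path.realpath(base_dir)
    # os.path.join drops `base` when `name` is absolute, and realpath follows
    # symlinks, so the result is compared against the base directory again.
    target = os.path.realpath(os.path.join(base, name))
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError("path is not inside the base directory")
    return target


def check_samples(base_dir: str) -> dict:
    """Run constructed sample names through the check; True means accepted."""
    samples = ["report.txt", "sub/report.txt", "../outside.txt",
               "sub/../../outside.txt", "/tmp/absolute.txt"]
    results = {}
    for name in samples:
        try:
            resolve_inside(base_dir, name)
            results[name] = True
        except ValueError:
            results[name] = False
    return results


if __name__ == "__main__":
    # Hypothetical data directory standing in for the daemon's writable area.
    with tempfile.TemporaryDirectory() as data_dir:
        for name, accepted in check_samples(data_dir).items():
            print(f"{name!r}: {'accepted' if accepted else 'rejected'}")
```

Like the BASIC check, the substring test also rejects harmless names such as "a..b"; that is the conservative side to err on.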