25C3-CTF
Advisory #47
From team WiiPhonies
New advisory by: Ge0rG
Affected service(s): vdspi
Severity [lmh]: high
===== Problem =====
The ID search reached via menu 1 -> 3 matches on substrings instead of on the exact ID.
===== Impact =====
An attacker can simply enumerate from 0 to 9 to extract all entries in the
database, so all flags can be stolen.
===== Fix =====
The ID search can be implemented correctly as follows:
  function Search_By_ID (db      : in Person_DB;
                         id      : ID_Type;
                         process : not null access procedure
                           (p : in Person_Type))
                         return Natural is
     --  Match only entries whose ID equals the requested ID exactly.
     function pred (p : Person_Type) return Boolean is
     begin
        return (Person.ID (p) = id);
     end pred;
  begin
     return Search_By_Pred (db, pred'Access, process);
  end Search_By_ID;
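A regression check for this fix, as an added example that is not the vdspi service's own code: it compares a substring predicate with the exact comparison and fails if a partial ID returns any record. It assumes IDs are fixed-length digit strings and uses constructed records; the names Id_Search_Check, Matches_Substring, Matches_Exact and Hits are hypothetical.

```ada
with Ada.Text_IO; use Ada.Text_IO;
with Ada.Strings.Fixed;
procedure Id_Search_Check is
   --  Assumption: IDs are fixed-length digit strings (ID_Type is not shown).
   subtype ID_Type is String (1 .. 6);
   type Person_Type is record
      ID   : ID_Type;
      Flag : String (1 .. 5);
   end record;
   --  Constructed sample records, not data from the contest.
   DB : constant array (1 .. 3) of Person_Type :=
     ((ID => "104729", Flag => "FLAG1"),
      (ID => "338651", Flag => "FLAG2"),
      (ID => "560284", Flag => "FLAG3"));
   Leaky, Strict : Natural := 0;

   --  Substring predicate: the behaviour the advisory reports.
   function Matches_Substring (P : Person_Type; Q : String) return Boolean is
   begin
      return Ada.Strings.Fixed.Index (P.ID, Q) > 0;
   end Matches_Substring;

   --  Exact predicate: the comparison used by the fixed Search_By_ID.
   function Matches_Exact (P : Person_Type; Q : String) return Boolean is
   begin
      return P.ID = Q;  --  strings of different length compare unequal
   end Matches_Exact;

   --  Count the records a query returns under the given predicate.
   function Hits (Query : String;
                  Pred  : not null access function
                    (P : Person_Type; Q : String) return Boolean)
                  return Natural is
      N : Natural := 0;
   begin
      for I in DB'Range loop
         if Pred (DB (I), Query) then N := N + 1; end if;
      end loop;
      return N;
   end Hits;
begin
   for D in Character range '0' .. '9' loop
      Leaky  := Leaky + Hits ((1 => D), Matches_Substring'Access);
      Strict := Strict + Hits ((1 => D), Matches_Exact'Access);
   end loop;
   Put_Line ("single-digit queries, substring match:" & Natural'Image (Leaky));
   Put_Line ("single-digit queries, exact match:" & Natural'Image (Strict));
   --  The fix holds only if partial IDs return nothing and a full ID returns one.
   if Strict /= 0 or Hits ("338651", Matches_Exact'Access) /= 1 then
      raise Program_Error with "ID search is not an exact match";
   end if;
end Id_Search_Check;
```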
Rating
[2] yep.