HC's Capture the Flag website
25C3-CTF
Advisory #53
From team OpenTU
New advisory by : anonymous coward
Affected service(s): goffer
Severity [lmh] : high
===== Problem =====
The "TIKLE" command executes a command. The command line is assembled by concatenating the strings "echo" and "id" with two user-supplied strings. By supplying specially crafted strings, arbitrary commands can be executed. Note that while the first string is seen to end at the first whitespace character, the second string may contain any whitespace (including further command separators).
===== Impact =====
Arbitrary code execution.
===== Fix =====
Change line 27 to
IZ inputz SORTA "FLAGSTORE([A-Za-z0-9]*?)\s+([A-Za-z0-9]+)" O RLY?
thereby only allowing alphanumeric flag names and flags.
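The following is an added illustration, not code from this advisory or from the goffer service: it models the TIKLE parsing described above (first string ends at the first whitespace, second keeps any whitespace), assembles the command by concatenation the way the advisory describes, and tokenizes the result as a POSIX shell would so the injected separators become visible. The hardened variant applies the character classes from the fixed pattern ([A-Za-z0-9]* for the name, [A-Za-z0-9]+ for the flag) to each field and then passes the values as separate argv entries instead of a shell string. The exact layout around "echo" and "id", the per-field anchoring, and the sample payloads are assumptions made for this example.

```python
import re
import shlex

# Character classes taken from the advisory's fixed pattern
# "FLAGSTORE([A-Za-z0-9]*?)\s+([A-Za-z0-9]+)": a possibly empty alphanumeric
# flag name and a non-empty alphanumeric flag. Anchoring each field on its
# own is this example's reading of the fix, not the service's code.
NAME_RE = re.compile(r"\A[A-Za-z0-9]*\Z")
FLAG_RE = re.compile(r"\A[A-Za-z0-9]+\Z")


def parse_tikle(payload):
    """Split the payload as the advisory describes: the first string ends at
    the first whitespace, the second string keeps whatever follows."""
    parts = payload.split(None, 1)
    if not parts:
        return "", ""
    name = parts[0]
    flag = parts[1] if len(parts) > 1 else ""
    return name, flag


def build_command_vulnerable(name, flag):
    """Plain string concatenation into one shell command line. The layout
    around "echo" and "id" is assumed; the page only says they are
    concatenated with the two user strings."""
    return "echo " + name + " " + flag + "; id"


def shell_words(cmd):
    """Tokenize a command line the way a POSIX shell would, so injected
    separators (;, |, &&) appear as their own tokens."""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def build_command_hardened(name, flag):
    """Reject anything outside the advisory's character classes, then pass
    the values as separate argv entries so no shell parses them.
    Returns None when the input is rejected."""
    if not NAME_RE.match(name) or not FLAG_RE.match(flag):
        return None
    return ["echo", name, flag]


# Constructed payloads (not from the page): a benign one, one that smuggles a
# second command through the whitespace-tolerant flag, and one that does so
# through the whitespace-free name.
BENIGN = "flag1 abc123"
INJECTED_FLAG = "flag1 abc123; cat /etc/passwd"
INJECTED_NAME = "a;id abc123"

if __name__ == "__main__":
    for payload in (BENIGN, INJECTED_FLAG, INJECTED_NAME):
        name, flag = parse_tikle(payload)
        print("payload:", repr(payload))
        print("  vulnerable tokens:", shell_words(build_command_vulnerable(name, flag)))
        print("  hardened argv:   ", build_command_hardened(name, flag))
```

Restricting the character set is what the advisory's one-line fix does; passing argv without a shell is the additional step that makes the assembled command safe even if the pattern is later loosened.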
Rating
[0] Good, but this was already reported