HC's Capture the Flag website
25C3-CTF


Advisory #57

From team WiiPhonies

New advisory by: Ge0rG
Affected service(s): vdspi
Severity [lmh]: high

===== Problem =====

VDspi allows searching for empty names, which dumps the whole database.

Reproduce (menu input):

1 -> 2 -> <enter> -> <enter>  (i.e. submit an empty first name and an empty last name)

===== Impact =====

All flags stored in the database can be read.

===== Fix =====

The following exact-match Search_By_Name should be deployed:

function Search_By_Name (db      : Person_DB;
                         first   : String;
                         last    : String;
                         process : not null access procedure
                                     (p : in Person_Type))
   return Natural is
   --  Match only records whose first and last name are exactly equal to
   --  the search terms.  Ada string "=" compares length as well as content,
   --  so an empty search term no longer matches every record.
   function pred (p : Person_Type) return Boolean is
      f : String := Person.First_Name (p);
      l : String := Person.Last_Name (p);
   begin
      if f = first and l = last then
         return True;
      else
         return False;
      end if;
   end pred;
begin
   return Search_By_Pred (db, pred'Access, process);
end Search_By_Name;
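The following is an added example, not code from the advisory or from the vdspi service, that models the empty-name search bug and the exact-match fix on a constructed in-memory database. The advisory does not show the original vulnerable predicate, so the prefix match used in search_by_name_vulnerable is an assumption about how an empty name could match every record; search_by_name_fixed mirrors the exact comparison of the Ada fix above, and search_by_name_hardened adds the extra check a practitioner would want: refusing empty search keys before the database is touched at all. Person, SAMPLE_DB, the flags and all function names are made up for the example.

```python
# Added example (not part of the advisory or the vdspi service): models the
# empty-name search bug and the exact-match fix on a constructed in-memory DB.
from dataclasses import dataclass


@dataclass(frozen=True)
class Person:
    first_name: str
    last_name: str
    flag: str  # constructed secret stored per record


# Constructed sample database; names and flags are made up.
SAMPLE_DB = [
    Person("Alice", "Anderson", "FLAG{alice}"),
    Person("Bob", "Baker", "FLAG{bob}"),
    Person("Bobby", "Bakerson", "FLAG{bobby}"),
]


def search_by_pred(db, pred, process):
    """Counterpart of the page's Search_By_Pred: call process() on every
    record for which pred() holds and return the number of matches."""
    count = 0
    for p in db:
        if pred(p):
            process(p)
            count += 1
    return count


def search_by_name_vulnerable(db, first, last, process):
    # Assumed weak predicate (the advisory does not show the real one):
    # prefix match.  Every string starts with "", so an empty first and
    # last name match every record and dump the whole database.
    return search_by_pred(
        db,
        lambda p: p.first_name.startswith(first) and p.last_name.startswith(last),
        process,
    )


def search_by_name_fixed(db, first, last, process):
    # Exact comparison, as in the advisory's Ada fix: "" only matches a
    # record whose stored name really is "".
    return search_by_pred(
        db,
        lambda p: p.first_name == first and p.last_name == last,
        process,
    )


def search_by_name_hardened(db, first, last, process):
    # Defence in depth: reject empty or whitespace-only search keys before
    # touching the database, so a missing input can never widen a query.
    first, last = first.strip(), last.strip()
    if not first or not last:
        raise ValueError("both first and last name are required")
    return search_by_name_fixed(db, first, last, process)


def rejects_empty(first, last):
    """True if the hardened search refuses the given (possibly empty) input."""
    try:
        search_by_name_hardened(SAMPLE_DB, first, last, lambda p: None)
    except ValueError:
        return True
    return False


def dump(db, search, first, last):
    """Collect the flags a given search variant hands to process() for one query."""
    leaked = []
    search(db, first, last, lambda p: leaked.append(p.flag))
    return leaked


if __name__ == "__main__":
    for name, search in (("vulnerable", search_by_name_vulnerable),
                         ("fixed", search_by_name_fixed)):
        print(name, "empty query leaks:", dump(SAMPLE_DB, search, "", ""))
    print("hardened rejects empty query:", rejects_empty("", ""))
```

Run as a script, the vulnerable variant leaks all three constructed flags for the empty query and the fixed variant leaks none; the hardened variant raises before the database is consulted. The prefix-match variant also shows a second, smaller over-match (Bob/Baker also returns Bobby/Bakerson) that the exact comparison removes as well.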



Rating

[2] correct.


