HC's Capture the Flag website
25C3-CTF
Advisory #65
From team Stealth Assassin
New advisory by : bluemood
Affected service(s): cgibas
Severity [lmh] : low
===== Problem =====
Replaced to #45 for #14 and #27
===== Impact =====
Uploading illegal chars in upload.bas and getting an invalid file in download.bas
===== Fix =====
in upload.bas
1003 let idx=index$(caption;",";"..")
1004 if idx > -1 then goto 7000
1005 let idx1=index$(caption;",";"/")
1006 if idx1 > -1 then goto 7000
4001 goto 10000
7000 print "Access denied!"
in download.bas
1920 let idx=index$(gimme;",";"..")
1940 if idx > -1 then goto 2200
1950 let idx1=index$(gimme;",";"/")
1960 if idx1 > -1 then goto 2200
2110 goto 10000
2200 print "Access denied!"
Rating
[1] violates FCFS policy (single exception from rule), but still - I like it
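
The filename check from the fix above, as an added example in Python (not part of the advisory or of the cgibas service): it mirrors the rejection of ".." and "/" and sets it beside a stricter allow-list combined with a resolved-path containment check. The upload directory, the allowed character set and the sample names are assumptions constructed for illustration.

```python
import os
import re

# Assumption: uploads live in one flat directory; this path is a placeholder.
UPLOAD_DIR = "/srv/cgibas/uploads"

# Assumed allow-list: starts alphanumeric, then letters, digits, '.', '_', '-'.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def denylist_ok(name: str) -> bool:
    """Mirror of the advisory's check: refuse names containing '..' or '/'."""
    return ".." not in name and "/" not in name


def allowlist_ok(name: str) -> bool:
    """Stricter variant: accept only names built from known-safe characters."""
    return SAFE_NAME.fullmatch(name) is not None and ".." not in name


def resolve_upload(name: str, base: str = UPLOAD_DIR) -> str:
    """Return the absolute path for name, or raise if it would leave base."""
    if not allowlist_ok(name):
        raise ValueError("Access denied!")
    base_real = os.path.realpath(base)
    path = os.path.realpath(os.path.join(base_real, name))
    # Containment check on the resolved path catches symlinked entries too.
    if os.path.commonpath([base_real, path]) != base_real:
        raise ValueError("Access denied!")
    return path


# Constructed sample names, not taken from the contest traffic.
SAMPLES = ["notes.txt", "../flag", "a/b.txt", "", "re port.txt", "x..y"]


def classify(names=SAMPLES):
    """Return (name, denylist verdict, allowlist verdict) for each name."""
    return [(n, denylist_ok(n), allowlist_ok(n)) for n in names]


if __name__ == "__main__":
    for name, deny, allow in classify():
        print(f"{name!r:14} denylist={deny!s:5} allowlist={allow}")
```

The empty name and the name with a space pass the two-substring check but fail the allow-list, which is the difference between the two approaches.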