HC's Capture the Flag website
25C3-CTF
Advisory #71
From team Stealth Assassin
New advisory by : lamer
Affected service(s): ultrashare
Severity [lmh] : high
===== Problem =====
Hidden command "show".
===== Impact =====
Together with the reported SQL injection, one can list all the files.
===== Fix =====
Disable the show command in main.rb.
Rating
[2] You are right.