HC's Capture the Flag website
25C3-CTF
Advisory #78
From team Stealth Assassin
New advisory by : thaidn
Affected service(s): Ultrashare
Severity [lmh] : high
===== Problem =====
curUser in main.rb can be leveraged to impersonate other users, including admins
===== Impact =====
steal other users' accounts and files
===== Fix =====
remove line 23 in main.rb
Rating
[2] Yes. I already forgot that I have introduced this bug.