HC's Capture the Flag website
CTF Contests
25C3-CTF
25C3-CTF final results
Advisory #86
From team Janet Reno Redemption Fund$
New advisory by : adc
Affected service(s): Cashflags
Severity [lmh] : low
===== Problem =====
It is possible to intercept cashflag flags
with command execution on a vulnerable server,
just listen up on the port. There's no form
of authentication.
===== Impact =====
You can steal extra points for extra fun
===== Fix =====
cashflags protocol or lack thereof is inherently broken
Rating
[0] Not a problem of cashflags, can you propose an alternate protocol?