HC's Capture the Flag website
25C3-CTF
Advisory #92
From team HeroeZ
New advisory by: anonymous coward
Affected service(s): Goferdee
Severity [lmh] : medium
===== Problem =====
The FLAGSTORE command can be used to overwrite the ./ls script, which is used to implement the 'dir' command.
===== Impact =====
Exploit: FLAGSTORE reversed_cmd_string destination
This will be executed as echo normalized_cmd_string > destination
Example: FLAGSTORE "di" ls, *reconnect*, listing
===== Fix =====
Rating
[0] Fix missing
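
One way to close the overwrite described under Problem, as an added example that is not part of the advisory and not Goferdee's own code: the store handler writes only into a separate data directory, accepts only allowlisted names, and never replaces an existing file. The function name `store_flag`, the variable `FLAG_DIR` and the directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hypothetical hardened store handler (not Goferdee's code).
# Assumption: stored data lives in its own directory, apart from the
# scripts (such as ./ls) that implement the service's commands.
FLAG_DIR="${FLAG_DIR:-./flags}"

# store_flag NAME DATA
# Returns 0 on success, 1 if the data directory cannot be created,
# 2 if the name is rejected, 3 if the entry already exists.
store_flag() {
    name=$1
    data=$2

    # Allowlist: letters, digits, '_' and '-' only. This rejects empty
    # names, '/', '..' and anything else that could leave FLAG_DIR.
    case $name in
        ''|*[!A-Za-z0-9_-]*) return 2 ;;
    esac
    [ "${#name}" -le 64 ] || return 2

    mkdir -p -- "$FLAG_DIR" || return 1
    target="$FLAG_DIR/$name"

    # Refuse a symlink planted inside the data directory.
    if [ -L "$target" ]; then
        return 2
    fi

    # noclobber (set -C) makes '>' fail when the file already exists, so
    # a stored entry can never be replaced by a later request.
    # printf '%s\n' writes the data verbatim, without echo's option and
    # escape handling.
    ( set -C; printf '%s\n' "$data" > "$target" ) 2>/dev/null || return 3
    return 0
}
```

With this layout a request naming `ls` creates `flags/ls` and leaves the `./ls` script untouched; marking the service scripts read-only for the service account adds a second barrier.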