DEV Community

Esther mueni
Esther mueni

Posted on • Updated on

Hacker101 CTF-Micro-CMS v1

  • Difficulty: Easy
  • Skills: Web

Flag0

I created a new page and realized the indexing was weird. The 'test' and 'markdown' page already created is indexed as page 1 and 2 respectively. However, when a new page is created, it is indexed as 10.
This means that page 3 and 9 are missing or hidden. So by editing the page number on the website address, I tried opening pages 3 to 9. All the pages showed 404 except page 6 which displayed a forbidden message.

Looking at how other pages are edited, I noticed a pattern in using their index. So applying a similar concept and opened page 6 in editing mode, getting the flag.

Flag1

The hint in the flag suggested trying out the normal culprits; XSS, SQL injection, path injection. So I went with XSS, adding a script tag in all inputs. I was using < script>intruder()< /script > and pasting it in all the inputs.

I tried creating a new page and for the page title, I input this script tag. When I saved the page, the flag popped up in an alert box.

Flag2

For this flag, I injected an alert code in the button on Markdown test page. On clicking the button, I got the flag from the inspect page.

Flag3

For this flag, I considered SQl injection to examine it. The hint indicates that one needs to try other options lest script tags. In the pages, I added an apostrophe (') at the end of the url and finally got the flag from the edit page.

Top comments (1)

Collapse
 
nixx0328 profile image
Nixx0328

能讲一下FLAG1时所说的“flag提示”是什么意思吗?