English [Cybercamp 2015] [Web 11 – Convert to uppercase] Write Up

Description

Title : Convert to uppercase

The goal of this website is to convert strings from lowercase to uppercase, as we can see below.

web11 index
What a useful website!

When we try to convert some text, nothing happens. Strange for a website that should convert to uppercase. So, in order to check why it doesn’t work, I looked at the source code.

web11 source
Hmmm… Is it a hint?

In the source code, we clearly see that there are some limitations on the conversion. We can only convert what is inside <h1-6></h1-6>. After submitting <h1>string</h1>, I saw that the conversion was OK. So now, how do we find a vulnerability with that?

I tried some XSS, which worked perfectly, but the vulnerability wasn’t there. So, where could it be?!

After a few minutes, I remembered an article that I read a long time ago about a vulnerability in bbCode. This flaw used the regex e modifier. This modifier is like magic! It literally takes the value from the regex and executes it! Yep. Like magic. So now we just have to try it, by listing the directory for example.

web11 regex
It worked !
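For reference, here is how a converter like this can be written without the e modifier. This is an added example, not the challenge's code (its source only appears in the screenshot above): the function name `convert_headings`, the heading pattern and the sample input are assumptions. It also escapes everything it echoes back, which closes the XSS mentioned earlier.

```php
<?php
declare(strict_types=1);

// Legacy shape, kept as a comment only (assumed reconstruction of the pattern;
// the e modifier was deprecated in PHP 5.5 and removed in PHP 7.0):
//
//   preg_replace('/<h([1-6])>(.*)<\/h\1>/e',
//                '"<h\\1>" . strtoupper("\\2") . "</h\\1>"', $input);
//
// With e, the replacement is PHP source: the matched request text is pasted
// into it and the result is evaluated, so user input ends up inside code.

// Hardened form: matched text is only ever handled as data.
function convert_headings(string $input): string
{
    $pattern = '/<h([1-6])>(.*?)<\/h\1>/is';
    $esc = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');

    $found = preg_match_all($pattern, $input, $matches, PREG_SET_ORDER | PREG_OFFSET_CAPTURE);
    if ($found === false) {
        return $esc($input);            // regex engine error: echo nothing unescaped
    }

    $out = '';
    $pos = 0;                           // byte offset of the first unprocessed character
    foreach ($matches as $m) {
        [$whole, $start] = $m[0];       // full match and its byte offset
        $level = $m[1][0];              // heading level, constrained to 1-6 by the pattern

        // Text between headings is escaped and passed through unchanged.
        $out .= $esc(substr($input, $pos, $start - $pos));
        // Heading body is uppercased as a plain string, then escaped.
        $out .= "<h{$level}>" . $esc(strtoupper($m[2][0])) . "</h{$level}>";
        $pos = $start + strlen($whole);
    }

    return $out . $esc(substr($input, $pos));
}

// Constructed sample input: one heading containing markup, plus markup outside it.
echo convert_headings('intro <h2>hello <b>world</b></h2> <script>x</script>'), PHP_EOL;
```

The only tags that reach the output unescaped are the `<h1>` to `<h6>` pairs the function writes itself, with a level taken from a capture group that can only hold a digit from 1 to 6.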

Amazing, I now have all files listed just in front of me! And, in these files… Oh yes! t0ken.php. We just have to load it…

web11 flag
One more token

And here comes the flag!

Enjoy

The lsd
