wolvctf Charlotte's Web Writeup
Description
Welcome to the web!
Visiting the site shows the page above. To solve the challenge, I started by checking the page source.
```html
<!DOCTYPE html>
<html>
  <head>
    <title>index</title>
    <script>
      function start() {
        alert("where's the flag? i swear it was around here somewhere");
      }
    </script>
  </head>
  <body>
    <button onclick='start()'>click me for the flag</button>
    <!-- /src -->
  </body>
</html>
```
An HTML comment mentioned /src, so I visited it, and it returned the application's source code.
```python
import flask

app = flask.Flask(__name__)

@app.route('/', methods=['GET'])
def index():
    return flask.send_file('index.html')

@app.route('/src', methods=['GET'])
def source():
    return flask.send_file('app.py')

@app.route('/super-secret-route-nobody-will-guess', methods=['PUT'])
def flag():
    return open('flag').read()
```
I sent a request to /super-secret-route-nobody-will-guess using the PUT method.
solution
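The request described above, reproduced offline as an added example (not part of the original writeup or the challenge's code): a standard-library stand-in for the app.py routing, with a constructed placeholder flag and a hypothetical `request` helper. It shows that the `methods=['PUT']` restriction is not access control: a GET is answered with 405 and an `Allow` header naming the accepted method, and a PUT returns the file.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SECRET = "/super-secret-route-nobody-will-guess"
FLAG = b"flag{constructed-placeholder}"  # constructed; not the real flag


class Handler(BaseHTTPRequestHandler):
    """Local stand-in that mimics the secret route of the app.py shown at /src."""

    def _reply(self, status, body=b"", headers=()):
        self.send_response(status)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        if self.path == SECRET:
            # Flask answers a wrong method with 405 plus an Allow header
            # listing the permitted methods (OPTIONS is added automatically).
            self._reply(405, headers=[("Allow", "OPTIONS, PUT")])
        else:
            self._reply(404)

    def do_PUT(self):
        self._reply(200, FLAG) if self.path == SECRET else self._reply(404)

    def log_message(self, *args):  # keep the demo quiet
        pass


def request(method, path):
    """Start the stand-in on a free local port, send one request, return the result."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
        conn.request(method, path)
        resp = conn.getresponse()
        result = (resp.status, resp.getheader("Allow"), resp.read())
        conn.close()
        return result
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(request("GET", SECRET))  # 405, with the Allow header disclosing PUT
    print(request("PUT", SECRET))  # 200, with the placeholder flag
```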