Sunday 21 February 2016

Internetwache CTF 2016 Replace with Grace

Question:

Service : https://replace-with-grace.ctf.internetwache.org/

Solution :

The webpage had 3 parameters : search,replace and content

An example would be :
search : /cow/
replace : cat
content : cows are cute

output : cats are cute.

As the webpage uses php, I googled for php search and replace regex

Now I was clear that it uses preg_replace function. Searching for flaws in preg_replace I found that it is prone to command execution using the modifier "e"



This website explains it better :  https://bitquark.co.uk/blog/2013/07/23/the_unexpected_dangers_of_preg_replace

Time for practicals


and there we have what we want. Isn't it ?



FLAG : IW{R3Pl4c3_N0t_S4F3}

No comments:

Post a Comment

enter valid comments.Suggestions are most welcome and would be interested in correcting my mistakes.