| ID: | 2175 |
|---|---|
| Title: | Resume |
| Description: | Challenge Details: This challenge tests SSRF (I personally think it is much more than SSRF; just imagine a scenario where a browser residing in the internal network executes arbitrary HTML/JS files you feed it). A resume generator website: users can enter their personal details, and the backend will generate an HTML resume template and call wkhtmltopdf to generate the PDF file from that HTML resume. Older versions of wkhtmltopdf (prior to the latest 12.6, refer to wkhtmltopdf/wkhtmltopdf#4536) are vulnerable to local file disclosure. I am hosting another website locally; its domain will be resolved via /etc/hosts. This website requires login, but weak credentials are being used. The player needs to craft an auto-submitting form to log in to the website to get the flag. |
| Type: | CTF-2021 |
| Site: | bugku |
| Challenge link: | https://ctf.bugku.com/challenges/detail/id/2323.html |
| Event: | Welcome |
| Year: | None |
| Flag value: | Challenge answer text |
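| writeup: | Verified URL: Uses the SSRF vulnerability to exploit the directory traversal flaw in wkhtmltopdf 0.12.5 to read server files (such as /etc/passwd), combines this with access to internal IPs to achieve file reading and to break through access restrictions, and finally obtains the flag by crafting a malicious PDF that loads the internal service. 1 https://ctf.bugku.com/writeup/detail/id/1425.html |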