The first challenge was available at http://159.203.178.9. The root page introduces a hidden service that allows to securely store notes. The goal is to find a flag hidden in one of these notes.
| import re | |
| import sys | |
| VULNERABLE_HREF = r'href: [^"].+[^\s]?' | |
| DANGEROUSLY_SET_INNER_HTML = r'__html: .+[^\s]?' | |
| STATE_VALUES = r'\.setState\({([\s\S]*?)}\)' | |
| #false_positives = ("this.props.team.", "constants.") | |
| def find_state_candidates(name, states): |
| # https://cloud.google.com/iap/docs/authentication-howto | |
| import json | |
| import time | |
| from jwt import JWT, jwk_from_pem | |
| import requests | |
| jwt = JWT() |
Summary
Jolokia 1.6.0 is vulnerable to CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. The issue was fixed in version 1.6.1.
Red Hat Security Advisory: https://access.redhat.com/security/cve/cve-2018-10899
Details
In version 1.2.1 Jolokia introduced a <strict-checking/> option within the Cross-Origin Resource Sharing policy defined in jolokia-access.xml to prevent CSRF (4.1.5).
| fetch('http://165.227.165.4:8888'); |