arkark

ASIS CTF Finals 2023

• CTFtime: https://ctftime.org/event/1953

[web] gimme csp

• 47 solves / 96 pts

<body>

shpik-kr

'''
1. hash length extension: Make multi query.
2. header injection: Remove CSP header, and XSS occur
'''

import hashpumpy
import requests

b64e = lambda x:x.encode('base64').replace('\n','')

terjanq

SQLite Voting

function is_valid($str) {
  $banword = [
    // dangerous chars
    // " % ' * + / < = > \ _ ` ~ -
    "[\"%'*+\\/<=>\\\\_`~-]",
 // whitespace chars

stypr

A-z

Simple JS Jail challenge.

It is run on context, so we have nothing but to play with constructor and console.

1337 === eval(our_input)

justecorruptio

M[16],X=16,W,k;main(){T(system("stty cbreak")
);puts(W&1?"WIN":"LOSE");}K[]={2,3,1};s(f,d,i
,j,l,P){for(i=4;i--;)for(j=k=l=0;k<4;)j<4?P=M
[w(d,i,j++)],W|=P>>11,l*P&&(f?M[w(d,i,k)]=l<<
(l==P):0,k++),l=l?P?l-P?P:0:l:P:(f?M[w(d,i,k)
]=l:0,++k,W|=2*!l,l=0);}w(d,i,j){return d?w(d
-1,j,3-i):4*i+j;}T(i){for(i=X+rand()%X;M[i%X]
*i;i--);i?M[i%X]=2<<rand()%2:0;for(W=i=0;i<4;
)s(0,i++);for(i=X,puts("\e[2J\e[H");i--;i%4||
puts(""))printf(M[i]?"%4d|":"    |",M[i]);W-2

cowboy

// OOP
console.log( 'OHAI'.blink() );

// Call invocation
console.log( String.prototype.blink.call('OHAI') );

// $ always makes things look awesome.
var $ = Function.prototype.call;

// Very explicit call invocation

jlong

var parser = document.createElement('a');
parser.href = "http://example.com:3000/pathname/?search=test#hash";

parser.protocol; // => "http:"
parser.hostname; // => "example.com"
parser.port;     // => "3000"
parser.pathname; // => "/pathname/"
parser.search;   // => "?search=test"
parser.hash;     // => "#hash"
parser.host;     // => "example.com:3000"