wtf.sh was a challenge that included two flags, one for 150pts and one for 400pts.
In the first part we needed to call the function get_flag1 in order to receive the flag. The post parameter of post.wtf was vulnerable to a path traversal:
GET /profile.wtf?user=../posts HTTP/1.1
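
A defensive sketch of the flaw shown in the request above, as an added example rather than code from the challenge or from this write-up: naive_path is the unchecked join that lets a value such as ../posts leave its directory, and safe_path refuses it. The function names, the users/ and posts/ layout and the sandbox contents are assumptions constructed for illustration.

```shell
# Added illustration; function names and directory layout are assumptions,
# not taken from the challenge source.

# Unchecked join: the request parameter is pasted into the path as-is.
naive_path() {
    printf '%s/%s\n' "$1" "$2"
}

# Hardened lookup: allow-list the identifier, then refuse symlinks so the
# entry cannot point outside the canonical base directory.
safe_path() {
    local base id
    base=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    id=$2
    case $id in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;   # empty, "/", "." or any other character outside the set
    esac
    [ -e "$base/$id" ] && [ ! -L "$base/$id" ] || return 1
    printf '%s\n' "$base/$id"
}

# Constructed sandbox: users/alice, posts/p1 and a symlink users/link -> ../posts.
make_sandbox() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/users" "$root/posts/p1"
    : > "$root/users/alice"
    ln -s ../posts "$root/users/link"
    printf '%s\n' "$root"
}

# Run the page's parameter value and two constructed ones through the check.
demo_root=$(make_sandbox)
for id in alice ../posts link; do
    if safe_path "$demo_root/users" "$id" >/dev/null; then
        echo "accepted: $id"
    else
        echo "rejected: $id (naive join would use $(naive_path "$demo_root/users" "$id"))"
    fi
done
rm -rf "$demo_root"
```

The allow-list is deliberately strict; an application whose identifiers legitimately contain other characters would widen the set, but should keep "/" and "." out of it.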