๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
๋ฐ˜์‘ํ˜•

์ „์ฒด ๊ธ€50

[Dreamhack] Level1: Session-basic ๐Ÿ›Ž๏ธAccess ์ฟ ํ‚ค๋กœ ์ธ์ฆ ์ƒํƒœ๋ฅผ ๊ด€๋ฆฌํ•˜๋Š” ๊ฐ„๋‹จํ•œ ๋กœ๊ทธ์ธ ์„œ๋น„์Šค์—์„œ admin ๊ณ„์ •์œผ๋กœ ๋กœ๊ทธ์ธ์— ์„ฑ๊ณตํ•˜๋ฉด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•  ์ˆ˜ ์žˆ๋Š” ๋ฌธ์ œ์˜€์Šต๋‹ˆ๋‹ค. ๐Ÿ‘พExploit Algorithm & Payload ๋”๋ณด๊ธฐ #!/usr/bin/python3 from flask import Flask, request, render_template, make_response, redirect, url_for app = Flask(__name__) try: FLAG = open('./flag.txt', 'r').read() except: FLAG = '[**FLAG**]' users = { 'guest': 'guest', 'user': 'user1234', 'admin': FLAG } # this is our session s.. 2023. 8. 17.
[Dreamhack] Level1: cookie ๐Ÿ›Ž๏ธAccess ์ฟ ํ‚ค๋กœ ์ธ์ฆ ์ƒํƒœ๋ฅผ ๊ด€๋ฆฌํ•˜๋Š” ๊ฐ„๋‹จํ•œ ๋กœ๊ทธ์ธ ์„œ๋น„์Šค์—์„œ admin ๊ณ„์ •์œผ๋กœ ๋กœ๊ทธ์ธ์— ์„ฑ๊ณตํ•˜๋ฉด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•  ์ˆ˜ ์žˆ๋Š” ๋ฌธ์ œ์˜€์Šต๋‹ˆ๋‹ค. ๐Ÿ‘พExploit Algorithm & Payload ๋”๋ณด๊ธฐ #!/usr/bin/python3 from flask import Flask, request, render_template, make_response, redirect, url_for app = Flask(__name__) try: FLAG = open('./flag.txt', 'r').read() except: FLAG = '[**FLAG**]' users = { 'guest': 'guest', 'admin': FLAG } @app.route('/') def index(): username = req.. 2023. 8. 17.
๋ฐ˜์‘ํ˜•

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”