CSCAMP 2014 CTF | writeup web - 7amama Book

Let's look at the description first:

Description:

7amamaBook is a social media website where people can sign up and share with each other. It has a bug bounty program and you found a bug and reported it but they refuse to pay you so you want to give them a payback by hacking it.

When I open the webpage (http://178.63.58.69:8082/bounty.php), I find that the site administrator has posted something like this:

We don’t pay for CSRF vulnerability.

OK, so there must be a CSRF vulnerability on this website. Let's hack it!
I register an account, test233, first, then use it to log in to the website.
When I check the view-source of the homepage I find a link: http://178.63.58.69:8082/settings.php
On this page there is no protection against CSRF at all, so we can change anyone's password as we like.
I also find another very important link: http://178.63.58.69:8082/profile.php?user=7atata, which only shows:
Sorry, you can’t view this post.
This post’s privacy is set to “Only me”

This hints that we need to change the password of the user 7atata.

Then, once we get to that page, we find the flag there.
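As an added example (not the site's code; the session and user store names are hypothetical stand-ins), here is the kind of check that settings.php was missing: the vulnerable password-change handler beside a hardened one that requires a synchronizer token, checks the Origin header, and demands the current password.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Hypothetical stand-ins for the site's session and user storage; the real
# settings.php from 7amamaBook is not shown in the writeup.
SITE_ORIGIN = "http://178.63.58.69:8082"

@dataclass
class Session:
    user: str
    # Per-session synchronizer token, embedded in the settings form as a hidden field.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))

@dataclass
class Request:
    """Minimal model of a POST to settings.php."""
    session: Optional[Session]   # resolved from the session cookie the browser attached
    form: Dict[str, str]         # POST body fields
    headers: Dict[str, str]      # request headers (Origin, etc.)

def vulnerable_change_password(req: Request, users: Dict[str, str]) -> str:
    """The bug from the writeup: any request carrying a valid session cookie is
    honoured, even one a third-party page forged on the victim's behalf."""
    if req.session is None:
        return "denied: not logged in"
    users[req.session.user] = req.form["new_password"]
    return "ok"

def hardened_change_password(req: Request, users: Dict[str, str]) -> str:
    """Same handler with three checks: Origin header, synchronizer token,
    and proof of the current password (so a riding session alone is not enough)."""
    if req.session is None:
        return "denied: not logged in"
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return "denied: cross-site origin"
    token = req.form.get("csrf_token", "")
    # Constant-time comparison; encode so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(token.encode(), req.session.csrf_token.encode()):
        return "denied: bad csrf token"
    if req.form.get("current_password") != users.get(req.session.user):
        return "denied: current password mismatch"
    users[req.session.user] = req.form["new_password"]
    return "ok"
```

The Origin check alone is not enough (older clients may omit the header), which is why the token and current-password checks still run when it is absent.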

About the Author

admin
