Capture the Flag by SecurityBoat Jan 2024 Challenge!
Jan 6, 2024
This Capture the Flag (CTF) report includes findings on a login bypass and an arbitrary file upload vulnerability.
1. Navigate to the endpoint http://ctf.securityboat.net/login.html.
2. Enter the login bypass payload “admin’ or ‘1’=’1- — ” as shown in the screenshot below.
3. Go to the “Products” functionality and, after filling in all the details, upload a PHP shell in the “Images” parameter.
4. After the shell has been uploaded, request the uploaded shell along with the “cat+/home/flag.txt” command.
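The file upload finding in steps 3 and 4 depends on the "Images" parameter accepting a non-image file. The following is an added example, not code from the challenge or from SecurityBoat, of the server-side check that would reject such an upload; it is written in Python for illustration, and the function name, size limit and sample files are assumptions.

```python
import os
import secrets

# Allow-list: extension -> magic bytes the file content must start with.
ALLOWED_IMAGE_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for product images


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def validate_image_upload(client_filename: str, data: bytes) -> str:
    """Validate an image upload and return the server-chosen storage name."""
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("size out of range")
    # Never trust the client path; keep only the final component.
    base = os.path.basename(client_filename.replace("\\", "/")).lower()
    if "\x00" in base:
        raise UploadRejected("NUL byte in filename")
    ext = os.path.splitext(base)[1]
    if ext not in ALLOWED_IMAGE_TYPES:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    if not data.startswith(ALLOWED_IMAGE_TYPES[ext]):
        raise UploadRejected("content does not match extension")
    # Defense in depth: an image header followed by PHP is still rejected.
    if b"<?php" in data.lower():
        raise UploadRejected("PHP open tag in content")
    # Random name drops client-chosen parts such as "shell.php" in "shell.php.png".
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample uploads (not taken from the challenge).
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    samples = [("shell.php", b"<?php echo 1; ?>"), ("shell.png", b"<?php echo 1; ?>"),
               ("shell.php.png", png), ("photo.PNG", png)]
    for name, body in samples:
        try:
            print(name, "->", validate_image_upload(name, body))
        except UploadRejected as exc:
            print(name, "-> rejected:", exc)
```

Validation alone is not sufficient: the returned name should be written to a directory outside the web root, or one where the web server is configured not to execute scripts.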