Capture the Flag by SecurityBoat Jan 2024 Challenge!

Capture the Flag (CTF) report includes findings on login bypass and an Arbitrary File Upload Vulnerability.

  1. Navigate this Endpoint http://ctf.securityboat.net/login.html.
  2. Enter login bypass payload “admin’ or ‘1’=’1- — ” as shown below screenshot.

3. Now, Goto “Products” functionality, after filling all details, Upload php shell in “Images” parameter.

4. After shell has been uploaded, recall shell along with “cat+/home/flag.txt” command.

--

--