[WEB] Under Construction

Opening discussion on the new web challenge Under Construction!!

Great challenge, a little bit of everything.
I do not agree with the message in the flag. The core problem is surely different to the one described in the flag.

After 2 hours I spot the download, still doesn’t help me lol

Yeh! It’s the same for me! After half day I decided to download the zip but still nothing.
Someone of you could give to me some hints? In my opinion it is something like SQL injection because otherwise how can I read the “flag text” in a website?
Thank you guys!

Awesome challenge !
You have to exploit two things.

For the initial foothold, look at the sweet thing when you are logged in.

Btw, I don’t know why you speak about downloading things or maybe there are unintended ways.

Enjoyed the choice of DB. Something different.

Sometimes this error " user “”> doesn’t exist in our database." happens. Is it the right way?

Type your comment> @Ga330 said:

Sometimes this error " user “”> doesn’t exist in our database." happens. Is it the right way?

I think so, maybe it is indicating for sql injection. Because if you see the downloaded files, there is an exception.

My guess is that it is with some Loop SQL Injection :smiley: We need to bypass the sanitizing login first…

Spoiler Removed

Type your comment> @thecowmilk said:

Type your comment> @Ga330 said:

Sometimes this error " user “”> doesn’t exist in our database." happens. Is it the right way?

I think so, maybe it is indicating for sql injection. Because if you see the downloaded files, there is an exception.

For this challenge I found two different ways but I don’t know which one is the best. The first way is to try by using some SQL code to be execute as I mentioned before. The second way could be to make the flag appears once the login is done. And this is why I notice that if you write some javascript code (like alert() message) it will be executed in the main page after login.
So my question are, in your opinion, what is the best way to capture the flag? In the second way (using an alert() message) is it possible to make the flag appear in some how?

Thank you guys!

■■■■… I haven’t solved the challenge yet and I commented something which was a spoiler… I’M SHOCKED!

@Ga330 said:
Type your comment> @thecowmilk said:

Type your comment> @Ga330 said:

Sometimes this error " user “”> doesn’t exist in our database." happens. Is it the right way?

I think so, maybe it is indicating for sql injection. Because if you see the downloaded files, there is an exception.

For this challenge I found two different ways but I don’t know which one is the best. The first way is to try by using some SQL code to be execute as I mentioned before. The second way could be to make the flag appears once the login is done. And this is why I notice that if you write some javascript code (like alert() message) it will be executed in the main page after login.
So my question are, in your opinion, what is the best way to capture the flag? In the second way (using an alert() message) is it possible to make the flag appear in some how?

Thank you guys!

tbh I have a conclusion that sql is not the the correct way to do it… lol

Yeh :wink: I’m trying to find a way to see the flag by using javascript. The problem is that I don’t know where to find the flag… or better I don’t know how to interact with DB!

Got something working locally, but breaking on docker…

XSS is client side. You do not need to hijack an account…
So imo, XSS or any others clientside attacks are irrevelant here.

Maybe this will help:

  1. There are 2 vulnerabilities (OWASP top 10 <3)
  2. Should simply ‘read’ the flag, not overthink it
  3. No need in javascript at all
    For me, one popular utility didn’t work properly. But python + hands help a lot.

Awesome challenge, had a lot of fun on this one!

Type your comment> @Danr0 said:

Maybe this will help:

  1. There are 2 vulnerabilities (OWASP top 10 <3)
  2. Should simply ‘read’ the flag, not overthink it
  3. No need in javascript at all
    For me, one popular utility didn’t work properly. But python + hands help a lot.

Can you say to me the two vulnerabilities?After two days I’m still trying to solve it…:frowning:

Hmm found a certain ‘private’ something… Not sure what to do with it though