Backdoor2015 Medusa Writeup
Point = 100
Category = Web
The html page you create will be visited by the backdoor admin with the flag. You can enter a fake flag to simulate the challenge.
Get the flag at http://hack.bckdr.in/MEDUSA/
After We open the link that is provided in description we are welcomed with a form.you can send message with html code and after that admin will visit your page with the flag.
Backdoor CTF admin add a hint and mention that they sent flag as post request
this is sample request that admin sent :
when you sent the message Medusa website create id for you. you can visit your message with this id ( same as admin :D )
after some investigation our team found answer !!!
we can redirect admin to another page and get the flag
but if they sent request as post cant log the value in second page.so thinking to Referer attribute in the header.
write some code to get and save the Referer in the text file when admin redirect to our PHP page : Server.php
1 2 3 4
and sent this code as our page to Medusa form :
1 2 3 4
but after admin visit the link flag.txt is empty !!!
no Referer sent to PHP page…
we test several time ( for this challenge or local tests ) and same result,no Referer save in flag.txt
after some research we found out with this kind of header redirection we cant get Referer and we should change that.
1 2 3 4
and guess what?
we have Referer Link in flag.txt :D
and now you have 100 point :D
WriteUp By Fr0nk