CSAWCTF 2020 Qualification Round Writeup

widthless (Web)

Challenge Description: Welcome to web! Let's start off with something kinda funky 🙂 http://web.chal.csaw.io:5018

Solution: First, go to the actual website. Nothing looks special. Next, I checked the source code and found a comment saying something about "zwsp". After some research, I found that "zwsp" stands for "Zero-Width Space", essentially some Unicode characters which do not appear …

File Inclusion and Directory Traversal, what files to look at? Linux Edition

Introduction: File inclusion and directory traversal are always chained together. Depending on the application, those vulnerabilities can do different damage, from file disclosure to code execution.

Methodology: I always check for file inclusion when I see URLs like http://localhost/?page=home, or when the parameter is file or filename; you get the idea. I first check if home.php …