CTFtime.org / UIUCTF 2020 / Just a Normal CTF / Writeup

After going to the link, which is a CTFd platform, we register an account and click the "Challenges" tab. It then gives us a hint that getting the flag is related to Whitespaces.

![img](https://gblobscdn.gitbook.com/assets%2F-MC_WJo7n-9hFwfJ__aw%2F-MCwP_6u6XO9BM-G3Cq9%2F-MCyxsf8H5YptONFConS%2Fimage.png?alt=media&token=64c5849b-4dec-4a99-a135-539a5f8356a0)

Searching for vulnerabilities related to Whitespace and the CTFd platform, we find CVE-2020-7245. Using this vulnerability, one can register for an account that already exists by prepending or appending whitespaces. After an attempt to reset the password for the username with whitespaces, it would also reset the username of the victim due to a username collision.

![img](https://gblobscdn.gitbook.com/assets%2F-MC_WJo7n-9hFwfJ__aw%2F-MCwP_6u6XO9BM-G3Cq9%2F-MCyxxLj4d-J3F4lzHia%2Fimage.png?alt=media&token=0ff71108-3112-4cd8-9766-2e59cf9a9e99)

Thus, we do the following steps:

1. Sign up for an "admin" account and prepend/append whitespaces.
2. Take note of the email account that you used to register for the fake "admin" account.
3. Log out of the account.
4. Click "Forgot Your Password?"
5. Type in the same email in step 2.
6. Change it to a password of your choosing.
7. Log in to victim account "admin".
8. Now we notice that there is an additional "Admin Control Panel".
9. We find the flag as per the Screenshot below.

![img](https://gblobscdn.gitbook.com/assets%2F-MC_WJo7n-9hFwfJ__aw%2F-MCwP_6u6XO9BM-G3Cq9%2F-MCyy17CEOhLalXW5f5L%2Fimage.png?alt=media&token=07de9a87-9074-4420-9f48-cc01b4759025)

**Flag: uiuctf{defeating_security_with_a_spacebar!}**

Original writeup (https://deric.gitbook.io/ctf-writeups/uiuctf-2020/web/just-a-normal-ctf).

Just a Normal CTF

Comments

Sign in with