Tags: nginx wsgi 

Rating: 5.0

tl;dr

  • Bypass nginx's "deny all" rule using SCRIPT_NAME
  • Calculate key_id by uploading flag.txt.enc
  • Leak the key and decrypt flag.txt.enc

Original writeup (https://blog.bi0s.in/2021/09/14/Web/CSAW'21-Gatekeeping/).