Rating: 5.0

Full writeup: https://github.com/p4-team/ctf/tree/master/2017-08-25-hackit/web50

tl;dr: We used CVE-2016-7098

kevin.kadosh – Aug. 28, 2017, 9:59 a.m.

Hello,

How did you know that the avatar was uploaded with "wget 1.15"?


Pyhscript – Aug. 28, 2017, 12:49 p.m.

kevin.kadosh, if you put a picture on your own server and then submitted it, you could see the user agent in the logs


kevin.kadosh – Aug. 29, 2017, 7:08 a.m.

Ok, thank you :)