News
Hints for Jeopardy Challenges / AskBot Questions
Written on 23.01.2020 13:40 by Ben Stock
To keep all of you happily hacking, we are releasing hints for all challenges with less than 10 solves by today. Please find them below. Remember the deadline for solving them is January 27th, 10am.
In addition, don't forget to post your topics for the Q&A lecture at https://cms.cispa.saarland/askbot/websec1920/question/183/topic-for-qa-lecture/
JINJA
- Look at the example in the lecture to see what type of page might cause an attacker-controlled string to be used as a template.
- The offset in the array of functions which are children of object varies from system to system.
PHP POP
- https://www.php.net/manual/de/function.call-user-func-array.php
- Just because a variable is by default boolean does not mean it has to be for every serialized object.
- This challenge works best if done automatically in Python (otherwise c&p might really suck)
CRIME
- In some cases, you'll have a hard time guessing a character because the compression works equally for others. If that happens, save your candidates and try the next one(s).
- It also helps to repeat the string you are testing for a second time.
Owley Madison
- Look for a way to steal a CSRF token. That should enable you to do certain things for the crawler.
- It might be a good idea to outsource most of your attack to another script.
- The way Owley works is that for privacy reasons, your favorites are only stored in localStorage, such that you can select them later for a chat.
- Remember how document.domain works: once a page has set that, any of the subdomains of the target domain can access that page.
SSRF
- The goal should be clear from the secret() function in the code.
- Figure out what happens if for some reason, name resolution doesn't work.
- The solution to the challenge is actually really easy.