Capture The Flag
  • 🏠 Home
  • CTF 2024
    • 🖥INTIGRITI 2024
      • Warmup - Babyflow
      • OSINT - Bob L'éponge
  • CTF 2022
    • 🖥 ROOTCON 16 Pre-Qualifier
      • 1️⃣ Easy 300: Illusive Mind with Illusive Thoughts
      • 2️⃣ Easy 300: Hack and Take a Break
    • 🖥 HTB Cyber Apocalypse 2022 Intergalactic Chase
      • 1️⃣ Web 300: Kryptos Support
      • 2️⃣ Web 300: BlinkerFluids
  • CTF 2021
    • 🖥 ROOTCON 15 CTF
      • Exploitation 4
      • Exploitation 6
      • Web 200
    • 🖥 HTB Business CTF 2021
      • Time
      • NoteQL
  • CTF 2020
    • 🖥 ROOTCON RECOVERY MODE
      • Forensics (Warm Up)
      • Web (Wizardry)
Powered by GitBook
On this page
  1. CTF 2022
  2. 🖥 HTB Cyber Apocalypse 2022 Intergalactic Chase

2️⃣ Web 300: BlinkerFluids

Previous1️⃣ Web 300: Kryptos SupportNext🖥 ROOTCON 15 CTF

Last updated 2 years ago

The challenge contains of web app and a source code. The page contains of markdown editor and after submission it convert the text to pdf.

Reviewing the source code and its node.js, basically checking the packages.json for possible vulnerable packages, that's where I notice the md-to-pdf package.

Which leads me to check to the github issues where I found an interesting comment.

I created an RCE code and supplied it to the markdown editor and I click submit.

Then, I created another markdown to check if the rce2.txt is created, and it listed all the files which the rce2.txt has been created.

I created a final markdown content to read the rce2.txt, then i got the flag.

Conclusion: Package vulnerabilities help me get the flag that highlighted the importance of source code review.

Then I tried to searched for possible exploit and found RCE on snyk.io :

https://security.snyk.io/vuln/SNYK-JS-MDTOPDF-1657880