2️⃣ Web 300: BlinkerFluids

The challenge contains of web app and a source code. The page contains of markdown editor and after submission it convert the text to pdf.

Reviewing the source code and its node.js, basically checking the packages.json for possible vulnerable packages, that's where I notice the md-to-pdf package.

Then I tried to searched for possible exploit and found RCE on snyk.io : https://security.snyk.io/vuln/SNYK-JS-MDTOPDF-1657880

Which leads me to check to the github issues where I found an interesting comment.

I created an RCE code and supplied it to the markdown editor and I click submit.

Then, I created another markdown to check if the rce2.txt is created, and it listed all the files which the rce2.txt has been created.

I created a final markdown content to read the rce2.txt, then i got the flag.

Conclusion: Package vulnerabilities help me get the flag that highlighted the importance of source code review.

Previous1️⃣ Web 300: Kryptos Support Next🖥 ROOTCON 15 CTF

Last updated 2 years ago