Posts List

Olympic CTF CURLing tasks

I had the honour to participate with int3pids in the #Olympic CTF and these are the write ups of the Web tasks we solved. CURLing 200: Xnginx In this level we were presented with a simple web site where we could check some news First thing to notice is that the news URL is vulnerable to path transversal: http://109.233.61.11:27280/news/?f=31-12-2013 http://109.233.61.11:27280/news/?f=../../../../../etc/passwd Since the name of the task was xnginx I looked for the nginx configuration file: