Writeup for Web challenges – ASCIS 2024

1. Path Traversal

Is there any weakness in this web?

Solution: The transfer history (file transfer_history.txt) is visible on the website, so you can view the file config.ini and find the flag there.

Flag: ASCIS{bWlzb2Z0MjAyNA==}

2. SQL

Log in to the admin account to get the flag.

Solution: Insert 'admin" OR 1 = 1 -- -' to log in as the admin account.

Flag: ASCIS{s1mpl3st_sql_1n_th3_w0rld}
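
Why that string works, and what stops it, as an added example that is not the challenge's code: a login query built by string concatenation next to the same check with a bound parameter. The table layout, function names, salt and passwords are assumptions constructed for the demo, using SQLite from the Python standard library.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice

def pw_hash(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # Accept "..." as a string literal, as the writeup's payload implies
    # (explicit switch exists on Python 3.12+; older builds rely on the default).
    op = getattr(sqlite3, "SQLITE_DBCONFIG_DQS_DML", None)
    if op is not None and hasattr(conn, "setconfig"):
        conn.setconfig(op, True)
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", pw_hash("constructed-admin-pw")),
                      ("guest", pw_hash("guest"))])
    return conn

def login_vulnerable(conn, username, password):
    # Input is pasted into the SQL text, so a quote in it ends the string literal
    # and everything after "-- " is dropped as a comment, password check included.
    sql = ('SELECT username FROM users WHERE username = "' + username +
           '" AND pw_hash = "' + pw_hash(password) + '"')
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(conn, username, password):
    # The ? placeholder sends the input as data; it is never parsed as SQL.
    row = conn.execute("SELECT pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row and hmac.compare_digest(row[0], pw_hash(password)):
        return username
    return None

PAYLOAD = 'admin" OR 1 = 1 -- -'  # the string from the writeup

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD, "x"))
    print("safe:      ", login_safe(db, PAYLOAD, "x"))
    print("safe, real:", login_safe(db, "admin", "constructed-admin-pw"))
```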

3. web0-server

The website has a cross-site scripting (XSS) vulnerability.

Download challenge

Solution: Insert the script <sCriPt>alert(1)</sCriPt>, then Base64-decode the string you receive.

Flag: FLAG{XSS_EXPLOITATION}

4. DigitalGadget

The website has a vulnerability in mathtex.

Download challenge

Download solution

Flag: ASCIS{E4OID5d7FFToyLrwyOxY}

5. DocMan

The website has a file upload vulnerability.

Download challenge

Download solution

Flag: ASCIS{OhBaby–ChristmasIsComming}