siunam's Website


scanbook

Overview

Tickets, please.

https://scanbook.chall.pwnoh.io

Author: gsemaj

Difficulty: Easy

Find the flag

Home page:

Let’s test what the website is doing!

After I submit some content, I'm prompted to a page where I can scan or download the QR code.

Also, the QR code picture might be vulnerable to IDOR (Insecure Direct Object References)!

How about we upload that ticket?

Hmm… How about I upload someone else's ticket and read it??

Let’s say 41340811.png:

Download it and upload it:

Hmm…

I’m also curious about what the QR has. Let’s use an online QR code reader:

┌──(root🌸siunam)-[~/ctf/BuckeyeCTF-2022/Web/scanbook]
└─# ls -lah /home/nam/Downloads 
total 16K
drwxr-xr-x  2 nam nam 4.0K Nov  5 07:55 .
drwxr-xr-x 30 nam nam 4.0K Nov  4 20:54 ..
-rw-r--r--  1 nam nam  665 Nov  5 07:51 41340867.png

So the QR code just holds the filename, and the server reads the plaintext content based on that filename??

How about we generate a QR code that contains a filename of our choosing on the web server??

To do so, I’ll use an online QR code generator:

Let’s try to find the first one (1) uploaded plaintext!

Upload it:

"Sorry, we lost your post."?? Maybe 1.png doesn't exist?

Let’s try 0 then:

Boom! We got the flag!

Conclusion

What we’ve learned:

  1. IDOR (Insecure Direct Object References)
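To make the lesson concrete, here is an added example (my own illustration, not the challenge's actual server code, which we never saw) of the pattern scanbook appears to follow and one way to fix it. It assumes the QR payload is simply the post ID string, that posts are stored under sequential integer IDs (so `0` is the first post, as in the challenge), and it uses an HMAC tag as a constructed "ticket signature" so that an ID the user writes into their own QR code is no longer honoured:

```python
import hashlib
import hmac
import secrets

# Constructed in-memory post store with sequential IDs, mirroring the
# challenge where post 0 held the flag and later posts had large IDs.
POSTS = {
    0: "buckeye{placeholder-flag}",        # placeholder, not the real flag
    41340811: "someone else's ticket text",
}

def lookup_vulnerable(decoded_qr: str):
    """Vulnerable pattern: trust the post ID decoded from an uploaded QR code.

    Anyone who can generate a QR code (e.g. with an online generator) chooses
    the ID, so every post is readable: a textbook IDOR.
    """
    try:
        post_id = int(decoded_qr)
    except ValueError:
        return None
    return POSTS.get(post_id)

# Server-side secret used to sign tickets; rotated/stored like any other secret.
TICKET_KEY = secrets.token_bytes(32)

def _tag(post_id: int) -> str:
    return hmac.new(TICKET_KEY, str(post_id).encode(), hashlib.sha256).hexdigest()

def issue_ticket(post_id: int) -> str:
    """Create the string the server would encode into the QR code it hands out.

    Format (assumed): "<post_id>.<hmac-sha256 hex tag>".
    """
    return f"{post_id}.{_tag(post_id)}"

def lookup_hardened(decoded_qr: str):
    """Hardened lookup: only honour tickets the server itself issued.

    The ID is still in the QR code, but it is useless without the tag, which
    only the holder of TICKET_KEY can compute. A bare "0" or a guessed tag is
    rejected before any database access happens.
    """
    id_part, sep, tag = decoded_qr.partition(".")
    if not sep or not id_part.isdigit():
        return None
    post_id = int(id_part)
    # Constant-time comparison so the tag check itself does not leak anything.
    if not hmac.compare_digest(tag, _tag(post_id)):
        return None
    return POSTS.get(post_id)

if __name__ == "__main__":
    print("vulnerable, forged QR '0':", lookup_vulnerable("0"))
    ticket = issue_ticket(41340811)
    print("hardened, genuine ticket:", lookup_hardened(ticket))
    print("hardened, forged QR '0':", lookup_hardened("0"))
```

The real takeaway is the second function's first line: the value decoded from the QR code is user input, exactly like a URL parameter, and a lookup keyed directly on it is only safe if the server can tell its own tickets from ones a user made up. Unguessable random IDs would also have stopped the `0` guess, but a signed ticket (or an ownership check against the logged-in user) removes the guessing game entirely.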