Vulnerability Assessment Penetration Test Report for Insp3ct0r (Category Web Exploitation - picoCTF)


Title: Private data in the page source.

Description of the Vulnerability: This website exposes some private data in its page source.

Summary: In the picoCTF Insp3ct0r challenge, we were able to get the flag by accessing the page source and other files of the website.

The technical investigation finished at 8:40 UTC, concluding that there was no malicious intent or indicators of exploitation.

Steps to reproduce:
1. Click on the link to the website.
2. View page source of the site.
3. You will get the first part of the flag.
4. Click on the link to the mycss file of the website.
5. Scroll down in the mycss file of the website. You will get the second part of the flag.
6. Click on the link to the myjs (MyJavascript) file of the website.
7. Scroll down in the myjs file of the website. You will get the third part of the flag.
8. On combining all three parts, you will get the whole flag.
9. View page source of the site.

Impact:   

The flag was obtained by accessing the page source and other files of the website.

Mitigation: 

Do not leave important data in the page source of the website.
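
One way to enforce this before deployment is to scan every file the browser will receive for comments that look sensitive. The script below is an added example, not part of the original report or the challenge: the keyword list, the file extensions and the sample file contents are constructed assumptions (only the mycss and myjs names come from the steps above).

```python
import re
from html.parser import HTMLParser

# Assumed keyword list; tune it for your own project.
SENSITIVE = re.compile(r"flag|password|passwd|secret|token|api[_-]?key", re.I)
BLOCK_COMMENT = re.compile(r"/\*(.*?)\*/", re.S)      # CSS and JS block comments
LINE_COMMENT = re.compile(r"(?<![:\"'])//([^\n]*)")    # JS line comments, skips http://

class _CommentCollector(HTMLParser):
    """Collects the body of every <!-- ... --> comment in an HTML document."""
    def __init__(self):
        super().__init__()
        self.comments = []
    def handle_comment(self, data):
        self.comments.append(data)

def extract_comments(name, text):
    """Return the comment bodies of one client-side file, chosen by extension."""
    if name.endswith((".html", ".htm")):
        parser = _CommentCollector()
        parser.feed(text)
        parser.close()
        return parser.comments
    found = BLOCK_COMMENT.findall(text)
    if name.endswith(".js"):
        found += LINE_COMMENT.findall(BLOCK_COMMENT.sub("", text))
    return found

def audit(files):
    """Return (file name, comment) pairs whose comment matches SENSITIVE."""
    findings = []
    for name, text in files.items():
        for comment in extract_comments(name, text):
            if SENSITIVE.search(comment):
                findings.append((name, " ".join(comment.split())))
    return findings

# Constructed sample mirroring the layout in the report: one secret split
# across the HTML, CSS and JS files, plus one harmless stylesheet.
SAMPLE = {
    "index.html": "<html><body><h1>Demo</h1><!-- 1/3 of the secret: EXAMPLE_A --></body></html>",
    "mycss.css": "body { margin: 0; }\n/* 2/3 of the secret: EXAMPLE_B */\n",
    "myjs.js": "var u = 'http://example.com/x'; // layout helper\n/* 3/3 of the secret: EXAMPLE_C */\n",
    "clean.css": "/* layout rules */ p { color: red; }",
}

if __name__ == "__main__":
    for name, comment in audit(SAMPLE):
        print(f"{name}: {comment}")
```

Running it as a build or CI step and failing on any finding keeps such comments from reaching production; stripping comments during minification removes the rest.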

POC (Proof of concept):

FLAG: picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?f10be399}
