Vulnerability Assessment Penetration Test Report for Where are the robots (Category Web Exploitation - picoCTF)

Title: Reference to a file that the creator doesn't want a normal user to look at.

Description of the Challenge: Can you find the robots?

Description of the Vulnerability: The website contains a reference to a file that the creator doesn't want a normal user to look at.

Summary: In the picoCTF "Where are the robots" challenge, we were able to get the flag by accessing a file on the website that the creator doesn't want a normal user to look at.

The technical investigation finished at 8:40 UTC, concluding that there was no malicious intent or indicators of exploitation.


Steps to reproduce:

1. Click on the link to the website.
2. Open the robots.txt file of the website. (link)
3. On opening the robots.txt file, you will find the reference to a link which the creator doesn't want you to look at.
4. On opening the link you will get the flag. (link)

Impact:   

Got the flag by accessing a file of the webpage that the creator doesn't want a normal user to look at.

Mitigation: 

Do not leave important data in the page source or in other public files of the website.
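
A defender-side check for the mitigation above, as an added example that is not part of the original write-up: it parses a robots.txt and flags Disallow entries that name a single file or a sensitive-sounding path, since every such entry is readable by anyone who requests the file. The sample robots.txt, the paths in it and the keyword heuristics are constructed assumptions, not values from the challenge site.

```python
import re

# Constructed sample robots.txt (not taken from the challenge site).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /images/
Disallow: /a1b2c.html   # unlinked page
Disallow: /admin/backup.zip
Disallow:

User-agent: examplebot
Disallow: /
"""

# Assumed heuristics for "this entry advertises something that should not be public".
CHECKS = [
    ("names a specific file", re.compile(r"/[^/*?]+\.[A-Za-z0-9]{1,5}\$?$")),
    ("sensitive keyword", re.compile(r"admin|backup|secret|private|config", re.I)),
]


def parse_disallows(text):
    """Return (user_agent, path) pairs for every non-empty Disallow rule."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # strip comments
        if ":" not in line:
            continue
        field, value = (p.strip() for p in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                           # previous group ended
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            if field == "disallow" and value:      # empty Disallow blocks nothing
                rules.extend((ua, value) for ua in agents)
    return rules


def audit(text):
    """Return (user_agent, path, reasons) for entries that disclose too much."""
    findings = []
    for ua, path in parse_disallows(text):
        reasons = [label for label, rx in CHECKS if rx.search(path)]
        if reasons:
            findings.append((ua, path, reasons))
    return findings
```

Run `audit()` over the robots.txt you are about to publish; anything it flags should be protected by authentication or removed from the web root rather than listed in a Disallow rule.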

POC (Proof of concept): 



FLAG: picoCTF{ca1cu1at1ng_Mach1n3s_8028f}
