Categories
hexionCTF 2020 Web Exploitation

“Notes”

Taking a look at the website, it seems simple enough. You type in text, hit the “Create” button, and it renders the text below. Let’s probe for Flask injection: Interesting. At first glance it may look as if Flask injection won’t get anywhere. But as with any web challenge, we should look at the source, […]

Categories
hexionCTF 2020 Web Exploitation

“Well Known”

Problem Description : Well… it’s known (: https://wk.hexionteam.com As you can see, we are given a 404 page. The first thing that I did when solving this problem was checking the web page for any additional hidden elements. I saw that there was a xml file, so I added “/sitemp.xml” after the original “wk.hexionteam.com” url. […]