Google CTF – Web 15 – Horton Hears a Who!
Google CTF – Web 3 – Ernst Echidna
Description: “Can you hack this website? The robots.txt sure looks interesting.”
Google CTF – Web 4 – Dancing Dingoes
Description: “We’re interested in finding out what information is stored on this website. We’ve already obtained the username “proff” and the password “strobe.c”, but can’t work out how to access the “admin” user. Any ideas?”
Google CTF – Web 8 – Global CTF
Google CTF – Web 6 – Purple Wombats
Google CTF – Web 1 – Wallowing Wallabies – Part One
Anyone familiar with the Counter-Strike competitive scene knows about ESEA. They recently launched a bounty program that puts their website, game client, and game servers in scope for security research.
I spent a night taking a look over the website and found a few vulnerabilities. The most interesting discovery was a Server-Side Request Forgery vulnerability. Using a cool trick that Ben Sadeghipour (@NahamSec) showed me, I was able to pull private information from ESEA’s AWS metadata.
In 2014 I discovered a vulnerability on Yahoo’s Login Protection seal that allowed for CSS injection. This information was saved to the browser and IP, persisting across login sessions on that computer. The protection seal feature has since been removed from the login page, but the feature still exists in your account preferences.