Skip to content

Files

Latest commit

zeyu2001zeyu2001
Fix typo
Sep 15, 2022
6597456 · Sep 15, 2022

History

History

TISC-2022

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
distrib
distrib
Sep 12, 2022
service
service
Sep 12, 2022
solve
solve
Sep 15, 2022
README.md
README.md
Sep 12, 2022

README.md

PALINDROME's Secret

This challenge was made for The InfoSecurity Challenge (TISC) 2022, a 17-day CTF hosted by the Centre for Strategic Infocomm Technologies.

It appeared in Level 5/10, and was solved by 13 participants.

Topics: Web Exploitation - SQL Injection, HTTP Request Smuggling, and XS Leaks.

Anticipated Time Taken: > 6 hours

Setup

Go to the service directory and docker-compose up -d.

Challenge Statement

We have discovered PALINDROME's secret portal, but we can't seem to gain access. Thankfully, we managed to steal the source code - can you take a look?

Gaining access to the portal and stealing the PALINDROME admin's access token will greatly aid our efforts to curb PALINDROME's ongoing attack.

Flag

The flag is the admin's access token - TISC{1:3:3:7:l:3:4:k:1:n}

Provided Files

All files under distrib.

Solution

Read the solution here