Response To Request Injection – HackBack CTF Solution

Scrolling through my news feed, I saw a post of my bro Sachin Thakuri mentioning “The HackBack – Online version is up.” Although i had participated in HackBack Live CTF, At that time i wasn’t able to solve this challenge (Christmas is not over yet). Sachin bro suggested me to read Mark Litchfield blog.

Moving to the challenge solution now, the solution was very simple and straightforward.

Response To Request Injection (RTRI) is classed as an Insecure Direct Object Reference Vulnerability, where application trusts user supplied data on a POST Request, even though it is NEVER expected within a request.

Below is the Post Request and Response for creating the normal account.
For account logged in with normal role, it shows a funny image containing slang word “Babaji Ka Thullu!”.

As It’s already mentioned, trusting user supplied data on a POST Request, even though it is NEVER expected within a request is RTRI. So, I crafted a new post request where i added &u_rolesparameter which was displayed in response.
Example: &u_roles=admin
Lastly, I logged in with admin role and i got the flag!
They said I’m first to solve this challenge. 😄

 

Leave a Reply

Your email address will not be published. Required fields are marked *

17 − nine =