ENOWARS 3 WriteUp deaddrop
12.07.2019 by Lukas and Markus
Deaddrop was an HTTP service written in Erlang. It models a simple bulletin board system, where users can create topics and reply to them. Topics can be either public or private (where users have to know the topic's name to access it). A logical flaw and a path traversal-like vulnerability allow attackers to list the private topics and steal data.