Saarsec

saarsec

Schwenk and pwn
Page 3 of 10

ENOWARS 3 WriteUp shittr

14.07.2019 by Jonas Bushart

Shittr was a Twitter-like webservice written in bash and part of ENOWARS 3 in July 2019.

Read more

ENOWARS 3 WriteUp deaddrop

12.07.2019 by Lukas and Markus

Deaddrop was a HTTP service written in Erlang. It models a simple bulletin board system, where users can create topics and reply to them. Topics can either be public or private (where users have to know their name to access them). A logical flaw and a path traversal-like vulnerability allow attackers to list the private topics and steal data.

Read more

ENOWARS 3 WriteUp voting

11.07.2019 by Markus

Voting was a Python service at ENOWARS 3 in July 2019. Summarizing, it was a Flask-based app allowing users to create polls and vote on other's polls.

Read more