Saarsec

saarsec

Schwenk and pwn
Page 3 of 9

ENOWARS 3 WriteUp deaddrop

12.07.2019 by Lukas and Markus

Deaddrop was a HTTP service written in Erlang. It models a simple bulletin board system, where users can create topics and reply to them. Topics can either be public or private (where users have to know their name to access them). A logical flaw and a path traversal-like vulnerability allow attackers to list the private topics and steal data.

Read more

ENOWARS 3 WriteUp voting

11.07.2019 by Markus

Voting was a Python service at ENOWARS 3 in July 2019. Summarizing, it was a Flask-based app allowing users to create polls and vote on other's polls.

Read more

ENOWARS 3 WriteUp explotify

10.07.2019 by Ben, Johannes & Olli

Explotify was a Python service at ENOWARS 3 in July 2019. Summarizing, it was a Flask-based app, which used two database backends - a SQLite database to store user credentials and information, and a MongoDB to store information about generated songs.

Read more