root-me-spip

Дата

Валидации

103 Компромиссы 9%

Примечание  Рейтинг

9 голоса

Описание

Attention : this CTF-ATD is linked to the challenge "Root Me, for real"

At the end of 2021, we were able to authenticate with administrative privileges on the Root-Me backoffice using, among other things, a 0day vulnerability in the SQL engine of SPIP 4.0.0.

The vulnerability has been corrected in version 4.0.1 of the software. This challenge is a simple SPIP site in vulnerable version. Find the bug in your turn, exploit it, and pass root to recover the flag !

Время компромисса

4 часы

Операционная система

 linux

запустить эту виртуальную среду