Attention CTF players (and organizers, CTFd v2.0.0 - v2.2.2 has a serious vulnerability (CVE-2020-7245) in which an attacker could perform account takeover using a leading-trailing on the Registration form. It has been fixed in v2.2.3. https://github.com/CTFd/CTFd/releases/tag/2.2.3 … Make sure to update!
-
-
How did the attack work? I guess something like register an account for "admin ", the password reset link is sent to your email but it resets for "admin" without the whitespace?
-
correct, i encourage you to set up a vulnerable version locally to test it
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
