Siemens Future Minds CTF — DeLorean Clock

DeLorean Clock was a web challenge in the Siemens Future Minds CTF. It had the following description:

Solving the challenge

The vulnerable code is in util.py. As you can see in the following screenshot, it builds a shell command from user input (line 8) and then executes it (line 9).

The “timestr” variable is user controlled and not sanitized, which makes the code vulnerable to command injection. I used the following payload to retrieve the flag, which was located at /app/flag.txt:

Oct 10 2010 10 10"; cat /app/flag.txt; #

After sending the payload in the “destination” parameter of the GET request, I was able to get the flag inside the HTML code:
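To make the root cause concrete, here is an added example (not the challenge's util.py, and not the author's code) that reconstructs the vulnerable pattern next to two fixes. It assumes the original command was something like `date -d "<timestr>"`; the exact command is not shown on this page. The vulnerable builder only returns the command string and never executes it, so the demonstration is safe to run.

```python
import re
from datetime import datetime, timezone
from typing import List

# Constructed sample inputs: a well-formed date in the format the challenge
# accepts, and the injection string quoted in the writeup above.
BENIGN_TIMESTR = "Oct 10 2010 10 10"
INJECTED_TIMESTR = 'Oct 10 2010 10 10"; cat /app/flag.txt; #'


def build_command_vulnerable(timestr: str) -> str:
    """Hypothetical reconstruction of the vulnerable pattern (assumption:
    the real util.py interpolated timestr into a `date -d` command line).

    The returned string is what a shell would receive. Because timestr is
    pasted in verbatim, a closing quote and a semicolon end the `date`
    command and start a second one. This function does NOT run anything.
    """
    return f'date -d "{timestr}" +%s'


def build_command_argv(timestr: str) -> List[str]:
    """Fix 1: never hand user input to a shell.

    With an argv list (to be passed to subprocess.run(..., shell=False)),
    timestr becomes exactly one argument to `date`; quotes, semicolons and
    `#` inside it are ordinary characters, not shell syntax.
    """
    return ["date", "-d", timestr, "+%s"]


# Fix 2 (preferred): do not spawn a process at all. Accept only the shape
# the application actually needs ("Mon DD YYYY HH MM"), then parse it
# in-process. Anything else is rejected before it can reach a subprocess.
TIMESTR_RE = re.compile(r"[A-Z][a-z]{2} \d{1,2} \d{4} \d{1,2} \d{1,2}")


def parse_timestr(timestr: str) -> datetime:
    if not TIMESTR_RE.fullmatch(timestr):
        raise ValueError("timestr does not match 'Mon DD YYYY HH MM'")
    parsed = datetime.strptime(timestr, "%b %d %Y %H %M")
    return parsed.replace(tzinfo=timezone.utc)


def to_epoch(timestr: str) -> int:
    """Seconds since the Unix epoch, the value `date +%s` would have given."""
    return int(parse_timestr(timestr).timestamp())


def rejects(timestr: str) -> bool:
    """True if the allowlist parser refuses the input."""
    try:
        parse_timestr(timestr)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable command line:", build_command_vulnerable(INJECTED_TIMESTR))
    print("argv form (one argument, no shell):", build_command_argv(INJECTED_TIMESTR))
    print("benign input as epoch:", to_epoch(BENIGN_TIMESTR))
    print("injected input rejected:", rejects(INJECTED_TIMESTR))
```

The argv fix removes the shell from the picture but still trusts `date` to handle arbitrary strings; the allowlist-and-parse fix removes the external process entirely and is the version to reach for when the only thing the application needs is a timestamp.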
