4f34685f64ec9b82ea014bda3274b0dfviews
mongo
views
.dockerignore
.gitignore
Dockerfile
README.MD
docker-compose.yml
package-lock.json
package.json
server.js
start.sh

README.MD

name: proto

flag: hackim19{Prototype_for_the_win}

solution

  • The mongo id should be predicted.
  • If you go back in time by 1m, you would get a directory.
  • To make this Object prototype injection more fun, I added a cookie that uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0061).
  • A POST request should be made to /signup with {"name":"World","proto":{"admin":1}}
  • Then navigate to /getFlag to get the flag.
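
The object prototype injection in the steps above, shown next to a hardened merge, as an added example that is not taken from this repository's server.js. It assumes the server recursively merges the JSON body into an object and that the payload key is `__proto__` (the README prints it as "proto"); `unsafeMerge`, `safeMerge`, `isAdmin`, `hasNonAscii` and the sample names are hypothetical.

```javascript
// Added example: hypothetical helpers, not the challenge's server.js.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isObj = (v) => v !== null && typeof v === 'object';
const owns = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Vulnerable pattern: every key is followed, so an own "__proto__" key from
// JSON.parse makes target[key] resolve to Object.prototype and write into it.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObj(source[key])) {
      if (!isObj(target[key])) target[key] = {};
      unsafeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened pattern: skip prototype-bearing keys and only descend into
// properties the target owns itself.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    if (isObj(source[key])) {
      if (!owns(target, key) || !isObj(target[key])) target[key] = {};
      safeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Authorization check that ignores inherited properties (assumed admin flag).
const isAdmin = (user) => owns(user, 'admin') && user.admin === 1;

// Names containing non-ASCII characters (e.g. Cyrillic U+0430) are different
// strings from their ASCII look-alikes; flag them for review.
const hasNonAscii = (name) => /[^\x00-\x7f]/.test(name);

function demo(body) {
  unsafeMerge({}, JSON.parse(body));
  const pollutedByUnsafe = ({}).admin === 1; // every object now inherits admin
  delete Object.prototype.admin;             // undo the pollution
  const user = safeMerge({}, JSON.parse(body));
  return { pollutedByUnsafe, pollutedBySafe: 'admin' in {}, admin: isAdmin(user), name: user.name };
}

console.log(demo('{"name":"World","__proto__":{"admin":1}}')); // constructed body
console.log(hasNonAscii('\u0430dmin'), '\u0430dmin' === 'admin'); // constructed names
```
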

Installation

  • run ./start.sh