Header
Exploration
Find the other page, which exposes the application's source code (the listing below registers it as the `/source` route).
http://localhost:8000?source
const fs = require('fs');
const express = require('express');
const escape = require('escape-html')
var favicon = require('serve-favicon');
// Create the Express application that the routes below are registered on.
const app = express();
// Answer favicon requests from favicon.ico via the serve-favicon middleware.
app.use(favicon('favicon.ico'));
// Render views with EJS; the res.render() calls in the route handlers rely on this.
app.set('view engine', 'ejs');
// Serve the 'public' directory as static files. Everything under it is readable
// by any client, so flag.txt and this server file must stay outside that directory.
app.use(express.static('public'));
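/**
 * GET / renders the index page and reveals the flag only when the request
 * carries the expected value in the X-FCSC-2022 header.
 *
 * NOTE(review): a request header is chosen entirely by the client, and the
 * expected value is disclosed by this file's own /source route. The check is
 * therefore a challenge gate, not an access control; nothing that needs real
 * protection should sit behind a test of this kind.
 *
 * The handler is synchronous on purpose. It awaits nothing, and as an `async`
 * function a throw from readFileSync (for example, flag.txt missing) would
 * become a rejected promise that Express 4 does not observe. Thrown
 * synchronously, the error reaches Express's normal error handling.
 *
 * @param {import('express').Request} req - incoming request.
 * @param {import('express').Response} res - response, completed by res.render().
 */
app.get('/', (req, res) => {
  const verif = req.header('X-FCSC-2022');

  // Strict comparison: only the exact string passes, with no type coercion.
  if (verif !== 'Can I get a flag, please?') {
    res.status(200).render('pages/index', {
      type: 'warning',
      msg: 'No flag for you. Want a meme instead?',
    });
    return;
  }

  // readFileSync returns a Buffer; interpolating it stringifies it as UTF-8.
  const flag = fs.readFileSync('flag.txt');

  // res.render() sends the response itself when no callback is passed, so no
  // explicit res.end() follows it.
  res.status(200).render('pages/index', {
    type: 'success',
    msg: `Here it is: ${flag}`,
  });
});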
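/**
 * GET /source renders this server file's own source code.
 *
 * NOTE(review): every line of this file is disclosed to any client, including
 * the header name and value that GET / checks. A file published this way must
 * not contain secrets, and must not be the only thing guarding one.
 *
 * The handler is synchronous on purpose: it awaits nothing, and a throw from
 * readFileSync then reaches Express's error handling instead of becoming a
 * rejected promise that Express 4 does not observe.
 *
 * @param {import('express').Request} req - incoming request (unused).
 * @param {import('express').Response} res - response, completed by res.render().
 */
app.get('/source', (req, res) => {
  // Read as text so the value handed to escape() is explicitly a string.
  const source = fs.readFileSync(__filename, 'utf8');

  // The source is HTML-escaped before it reaches the view.
  // NOTE(review): if pages/source prints it with EJS's escaping tag (<%= %>),
  // the text is escaped twice. The template is not visible here; confirm.
  // res.render() sends the response itself, so no res.end() follows it.
  res.render('pages/source', {
    source: escape(source),
  });
});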
// Start the HTTP server on port 8000. No host argument is given, so Node binds
// to the unspecified address and the app is reachable on every network
// interface, not only on localhost.
app.listen(8000);
Solution
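The source shows that the flag is returned only when the request carries a specific header with a specific value. A request header is set by the client, so once the source is readable this check no longer restricts anything.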
-
Name :
X-FCSC-2022
-
Value :
Can I get a flag, please?
-
Open Firefox devtools
-
Edit http header
-
Add a new header with this name and value:
X-FCSC-2022 / Can I get a flag, please?
-
Resend the HTTP request.
-
Get the flag !