PicoCTF2018 – Web – Buttons

Objective:
There is a website running at http://2018shell.picoctf.com:18342 (link [1]). Try to see if you can push their buttons.

Hints:
What's different about the two buttons?

Solution:
Okay, let's walk through this site and see what we see.

The first page is a button, with nothing interesting in the source code.

The second page is a hyperlink named button2 pointing to button2.php:

    You did it! Try the next button: <a href="button2.php">Button2</a>

This button loads a page named boo.html, which loads a rickroll. But there is a message saying:

    FORM DISABLED. THIS INCIDENT HAS BEEN LOGGED AND REPORTED TO /dev/null

Let's look in the source here. This looks interesting:

    <form action="button2.php" method="POST">

The form targets button2.php with method POST.

Let's load up Burp Suite and see what we can see.

The site map for button2.php is using GET