CSAW CTF Qualification Round 2017 -- Orange v3 -- Web300 Writeup
CSAW CTF Qualification Round 2017 -- Orange v3 -- Web300 Writeup
problem description
orange v3
I wrote a little proxy program in NodeJS for my poems folder but I'm bad at programming so I had to rewrite it. Again. I changed up flag.txt too but everyone still wants to read it... http://web.chal.csaw.io:7312/?path=orange.txt
looks like orange v1 was solved unintended way so now we can try harder solving it
quick look at it turns out some chars are banned {# and . and %} and our input must end with .txt
checking out internet found some reference in orange blackhat conf slides