Tag: lfi

[CSAW2017] Orange v1

Question

I wrote a little proxy program in NodeJS for my poems folder. Everyone wants to read flag.txt but I like it too much to share.

Solution

Based on the challenge name, the concept seems to come from Orange Tsai's presentation at DEFCON25 about URI handling in node.js: if a \xff byte is present in the URI, node.js throws it away.

What if we input %EF%BC%AE%EF%BC%AE/ ? %EF%BC%AE is 'Fullwidth Latin Capital Letter N', and its Unicode code point is \uFF2E. So if Ｎ appears in the URL, node.js deletes the \xff, and the remaining \x2e is translated to ".".

But after a few tries, %EF%BC%AE%EF%BC%AE/ did not work for this question. So I tried changing one %EF%BC%AE to ".", and it worked.

Final payload:

Reference
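
The byte narrowing described above, together with a check a proxy could run before forwarding a path, as an added example that is not part of the original write-up. It assumes the path is written out with Node's `latin1` encoding; `narrowLatin1` and `checkProxyPath` are hypothetical names, and the sample inputs are constructed apart from the `%EF%BC%AE%EF%BC%AE/` string quoted in the post.

```javascript
// Added example: latin1 narrowing of a request path and a guard against it.

// Writing a JS string as latin1 keeps only the low byte of each UTF-16
// code unit, so U+FF2E (fullwidth N) becomes 0x2E (".").
function narrowLatin1(s) {
  return Buffer.from(s, 'latin1').toString('latin1');
}

// Hypothetical guard for a proxy: returns a rejection reason, or null if
// the path is acceptable to forward.
function checkProxyPath(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (e) {
    return 'malformed percent-encoding';
  }
  // Anything above 0xFF would be silently narrowed on the wire: refuse it
  // instead of trying to predict what it turns into.
  for (const ch of decoded) {
    if (ch.codePointAt(0) > 0xff) return 'non-latin1 character in path';
  }
  // Ordinary traversal check on the decoded path.
  if (decoded.split(/[\\/]/).includes('..')) return 'dot-dot segment';
  return null;
}

// Constructed sample inputs (the first is the string discussed in the post).
const samples = ['%EF%BC%AE%EF%BC%AE/', '../x', 'poems/a.txt', '%E0%A4%A'];
for (const p of samples) {
  let wire;
  try {
    wire = narrowLatin1(decodeURIComponent(p));
  } catch (e) {
    wire = '(undecodable)';
  }
  console.log(JSON.stringify(p), '-> on the wire:', JSON.stringify(wire),
              '| guard:', checkProxyPath(p) || 'ok');
}
```

A filter that only looks for the literal characters `..` passes the first sample, because the dots do not exist until the string is narrowed.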

