🚩
CTF Writeups
  • CTF Writeups
  • CloudSEK 2023 Writeups
    • Bases
    • Serialization Saga
    • The SHA Juggler
  • Cyber Heroines CTF 2023 Writeups
    • crypto
      • Lenore Blum
      • Sophie Wilson
    • forensics
      • Barbara Liskov
      • Elizabeth Feinler
      • Margaret Hamilton
      • Marian Croak
      • Stephanie Wehner
    • pwn
      • Sally Ride
    • re
      • Anita Borg
    • web
      • Frances Allen
      • Grace Hopper
      • Radia Perlman
      • Shafrira Goldwasser
      • Susan Landau
  • DeconstruCTF 2023 Writeups
    • Gibberish
    • Hash Roll
    • MOVE
    • Magicplay
    • Missing
    • Snowy Rock
    • Space Ahoy
    • Two Paths
    • Very Basic
    • gitcha
    • sweet-nothing
    • where-are-the-cookies
    • why-are-types-weird
  • Digital Defenders CTF 2023
  • ISFCR EC CTF 2023 Writeups
    • Base the Bases
    • CrackMe
    • Device
    • Emoji Man
    • Fast Fernet
    • Hands Up
    • Hot and Cold
    • I walk alone
    • Inception
    • Lucky Guess?
    • Mess
      • chal
    • NotFooter
    • Oink Oink v2
    • Oink Oink v0
    • Oink Oink v1
    • STR
    • Seek The Treasure
    • Standard-bearer
    • Tap The Wire
    • Thomas The Train
    • What You See Is (Not) What You Get
    • Where's My Dog?
    • splitXquest
    • Zip Bomb
  • KICyber CTF 2023 Writeups
    • All Hail Hydra
    • Binary Cryptogram - Unravel the Enigma
    • Breakout - Unleash the Flag
    • Cross Platform Hunt
    • CryptoShift - Decipher the Hidden Message
    • Hidden-Network-Quest
    • MetaQuest
    • No remorse, No regret
    • OTP Portal Intrigue
    • Policy-patrol_IAM
    • Secure-Storage-Showdown
    • The-Forbidden-Telnet-Portal
    • Time Traveler's Git (Part 1)
    • Time Traveler_s Git (Part 2)
    • Time-Capsule
    • Unveiling the Hidden Message
    • Welcome to KICyber CTF
    • XORCrypt: Solitary Cipher
    • Zipper is stuck
  • Snyk Fetch The Flag 2023 Writeups
    • Back The Hawks
    • Beep64
    • Finders Keepers
    • Jott
    • Nine-One-Sixteen
    • Protecting Camp
    • Quick Maths
    • Unhackable Andy II
    • Unhackable Andy
  • YCTF Mini 2023 Writeups
    • Cat's Concert 🎧🎵
    • Death Song
    • Enigmatic Vault
    • Fire Accident
    • Military Spy
    • Movie scene
    • OSINT 1
    • OSINT 2
    • Stego Master
    • Twinkle Twinkle
    • Unchained 1
    • Unchained 2
    • Inception
  • flaws.cloud
  • YCTF-Weekly 2023
    • Week-2
      • Web
        • Cookie
        • Confluence
      • Misc
        • Never Found
Powered by GitBook
On this page
  • Challenge Description
  • Solution
  • FLAG
  • POC Links
  1. YCTF-Weekly 2023
  2. Week-2
  3. Web

Confluence

Last updated 1 year ago

Challenge Description

Solution

  • On the landing page we could see login page which was for Confluence using version 8.5.1

  • Researching on it, we find a CVE for it CVE-2023-22515

  • Using those credentials and logging in the file gets downloaded

  • Unzipping it gives a flag.txt, which contains the flag

FLAG

YCTF{C0nf1u3nc3_x_YCF}

POC Links

Using this , we get the credentials for the page.

github POC
https://github.com/Chocapikk/CVE-2023-22515