b6a.black/posts/2020-07-22-uiuctf-deserializeme
Preview meta tags from the b6a.black website.
Linked Hostnames (6)
- 6 links to b6a.black
- 3 links to github.com
- 1 link to access.redhat.com
- 1 link to gist.github.com
- 1 link to git.io
- 1 link to gohugo.io
Search Engine Appearance
UIUCTF 2020: deserializeme
Update: It was assigned as CVE-2020-14343 after the contest. This was a fun challenge exploiting a deserialize service in Python. The server is using pyYAML and Flask, with the source code below: from flask import Flask, session, request, make_response import yaml import re import os app = Flask(__name__) app.secret_key = os.urandom(16) @app.route('/', methods=["POST"]) def pwnme(): if not re.fullmatch(b"^[\n --/-\]a-}]*$", request.data, flags=re.MULTILINE): return "Nice try!", 400 return yaml.load(request.data) if __name__ == '__main__': app.
General Meta Tags (13)
- title: UIUCTF 2020: deserializeme | Black Bauhinia
- charset: utf-8
- X-UA-Compatible: IE=edge
- viewport: width=device-width, initial-scale=1, shrink-to-fit=no
- robots: index, follow
Open Graph Meta Tags (4)
- og:title: UIUCTF 2020: deserializeme
- og:description: Update: It was assigned as CVE-2020-14343 after the contest. This was a fun challenge exploiting a deserialize service in Python. The server is using pyYAML and Flask, with the source code below: from flask import Flask, session, request, make_response import yaml import re import os app = Flask(__name__) app.secret_key = os.urandom(16) @app.route('/', methods=["POST"]) def pwnme(): if not re.fullmatch(b"^[\n --/-\]a-}]*$", request.data, flags=re.MULTILINE): return "Nice try!", 400 return yaml.load(request.data) if __name__ == '__main__': app.
- og:type: article
- og:url: https://b6a.black/posts/2020-07-22-uiuctf-deserializeme/
Twitter Meta Tags (3)
- twitter:card: summary
- twitter:title: UIUCTF 2020: deserializeme
- twitter:description: Update: It was assigned as CVE-2020-14343 after the contest. This was a fun challenge exploiting a deserialize service in Python. The server is using pyYAML and Flask, with the source code below: from flask import Flask, session, request, make_response import yaml import re import os app = Flask(__name__) app.secret_key = os.urandom(16) @app.route('/', methods=["POST"]) def pwnme(): if not re.fullmatch(b"^[\n --/-\]a-}]*$", request.data, flags=re.MULTILINE): return "Nice try!", 400 return yaml.load(request.data) if __name__ == '__main__': app.
Link Tags (7)
- canonical: https://b6a.black/posts/2020-07-22-uiuctf-deserializeme/
- icon: https://b6a.black/favicon.ico
- preconnect: https://fonts.gstatic.com
- preload stylesheet: /assets/css/stylesheet.min.79c4dfee3993cd3110886e38d36a5106e0d6922344cefa3ff5c0076f246815f0.css
- stylesheet: https://fonts.googleapis.com/css2?family=Recursive&display=swap
Links (13)
- https://access.redhat.com/security/cve/cve-2020-14343
- https://b6a.black
- https://b6a.black/about-us
- https://b6a.black/posts/2020-07-22-uiuctf-bot-protection-iv
- https://b6a.black/posts/2020-07-22-uiuctf-nookcrypt