@RiftWhiteHat
Attention CTF players (and organizers), CTFd v2.0.0 - v2.2.2 has a serious vulnerability (CVE-2020-7245) in which an attacker could perform account takeover using a leading-trailing on the Registration form. It has been fixed in v2.2.3. github.com/CTFd/CTFd/rele… Make sure to update!
Xh4H
@RiftWhiteHat
Feb 1
Woops, leading-trailing whitespace.... But I guess the tweet is still valid as there's a whitespace after "leading-trailing"... Right? 🥺
Tahar Amine ELHOUARI
@MrTaharAmine
Feb 2
I've found the same vulnerability a year ago in a live CTF contest, but I did not report it and I just don't know why :3
Xh4H
@RiftWhiteHat
Feb 2
Extended CTF coverage 😆
scraps
@pentestscraps
Feb 2
I'm looking forward to seeing this in future CTFs 😉
volodia
@julianvolodia
Feb 3