In this write-up, we'll go over the solution for the SteamCoin challenge, which requires exploiting multiple server-side and client-side vulnerabilities. The solution involves a JWT authentication bypass through JKU claim misuse using unrestricted file upload, HTTP request smuggling for ACL bypass, and XSS to CSRF on an automated UI testing service to exfiltrate the flag from CouchDB.
HTB
uni-ctf
ctf
web
cve-2021-40346
scripting
request-smuggling
blind-xss
jwt
csrf
write-up