Rayhan0x01's Blog

DevOps and AppSec Practitioner

14 December 2021

Gears of web exploits that sync in harmony; SteamCoin write-up from HTB University CTF 2021

In this write-up, we’ll walk through the solution to the SteamCoin challenge, which requires chaining multiple server-side and client-side vulnerabilities: a JWT authentication bypass through misuse of the JKU claim, made possible by an unrestricted file upload; HTTP request smuggling to bypass an ACL; and an XSS-to-CSRF chain against an automated UI-testing service to exfiltrate the flag from CouchDB.

Tags: HTB, uni-ctf, ctf, web, cve-2021-40346, scripting, request-smuggling, blind-xss, jwt, csrf, write-up