In this write-up, we’ll go over the web challenge Acnologia Portal, rated as medium difficulty in the CyberApocalypse CTF 2022. The solution requires exploiting a blind-XSS vulnerability, performing CSRF to upload a zip file for arbitrary file injection, and crafting a Flask-Session cookie for deserialization to get remote code execution.
HTB
CA-CTF
ctf
web
cookie-forgery
blind-xss
csrf
flask-session
pickle-deserialization
deserialization
zip-slip
rce
write-up