In this write-up, we’ll go over the web challenge Acnologia Portal, rated as medium difficulty in the CyberApocalypse CTF 2022. The solution requires exploiting a blind-XSS vulnerability and performing CSRF to upload a zip file for arbitrary file injection, crafting Flask-Session cookie for deserialization to get remote code execution.
HTB CA-CTF ctf web cookie-forgery blind-xss csrf flask-session pickle-deserialization deserialization zip-slip rce write-up