In the Snyk Fetch the Flag 2025 CTF event, a web challenge named VulnScanner allows participants to define HTTP test specifications using YAML. The challenge revealed potential vulnerabilities through code review of API endpoints. Notable vulnerabilities include file handling in the /templates/download/ route and command execution via the /upload route after bypassing digest verification. The exercise showcases practical security concepts through code exploitation. Affected: web application, software developers, cybersecurity enthusiasts
Keypoints :
- VulnScanner is a challenge involving YAML-based HTTP test specifications.
- The challenge is written in Go, appealing to software developers.
- The /upload and /templates/download/ endpoints were identified as potential vulnerabilities.
- Path traversal checks were present in the /templates/download/ endpoint.
- The /upload endpoint allows command execution after a digest verification bypass.
- Local testing involved updating the Dockerfile for debugging via Delve.
- Debugging configurations were set up in VS Code for the Dockerized application.
- A malicious YAML payload was crafted to exploit the system command execution.