BackdoorCTF - web - 100

Challenge Text

H4x0r, tired of his hacking attempts is hosting a simple contest to rate the images of every user. Head on here to take part in the contest and impress him.

This challenge involved a pretty straight-forward web service which leaked referrer information. Here's the landing page:

  <title>Upload Image</title>
  <h3>Give the link for your profile picture</h3>
  <form action="./submit.php" method="POST">
    <input name="url" placeholder="Enter link" type="url"><br>
    <input value="Submit" type="submit">

Working along the problem, our first couple POSTs show the application doesn't really care about images...

The link is invalid. Click <a href='./submit.php'>here</a> to go back and try again.

Your profile picture has been given 28 points out of 100. Click <a href='./submit.php'>here</a> to go back and try again.

Next step, view an actual request

Connection from port 8000 [tcp/*] accepted
GET / HTTP/1.1
Accept: */*
X-Referrer: 92702a9381515494689f5d14f85a83b7.php

That X-Referrer is interesting... I wonder if we can GET it?

  <title>Super Secret Page</title>
  <h2>Super secret page</h2>
  <p>This is a dangerous place. You shouldn't be lurking here. Click <a href="./submit.php">here</a> to go back.</p>
  <!-- By the way, the flag is f556b9a48a3ee914f291f9b98645cb02 -->

Flag: f556b9a48a3ee914f291f9b98645cb02

- Kelson (