This challenge was made for The InfoSecurity Challenge (TISC) 2022, a 17-day CTF hosted by the Centre for Strategic Infocomm Technologies.
It appeared in Level 5/10, and was solved by 13 participants.
Topics: Web Exploitation - SQL Injection, HTTP Request Smuggling, and XS Leaks.
Anticipated Time Taken: > 6 hours
Go to the `service` directory and run `docker-compose up -d`.
We have discovered PALINDROME's secret portal, but we can't seem to gain access. Thankfully, we managed to steal the source code - can you take a look?
Gaining access to the portal and stealing the PALINDROME admin's access token will greatly aid our efforts to curb PALINDROME's ongoing attack.
The flag is the admin's access token - TISC{1:3:3:7:l:3:4:k:1:n}
All files under `distrib`.
Read the solution here