7 matches found
EUVD-2020-26484
Malware in sbrugna...
CVE-2020-5290
In RedpwnCTF before version 2.3, there is a session fixation vulnerability exploitable through the token=$ssid hash when making a request to the /verify endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim...
CVE-2020-5290
In RedpwnCTF before version 2.3, there is a session fixation vulnerability exploitable through the token=$ssid hash when making a request to the /verify endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim...
CVE-2020-5290
In RedpwnCTF before version 2.3, there is a session fixation vulnerability exploitable through the token=$ssid hash when making a request to the /verify endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim...
Session fixation
In RedpwnCTF before version 2.3, there is a session fixation vulnerability exploitable through the token=$ssid hash when making a request to the /verify endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim...
CVE-2020-5290 session fixation in rCTF
In RedpwnCTF before version 2.3, there is a session fixation vulnerability exploitable through the token=$ssid hash when making a request to the /verify endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim...
CVE-2020-5290
CVE-2020-5290 affects RedpwnCTF prior to v2.3, exposing a session-fixation flaw exploitable via the #token=$ssid hash in requests to /verify. An attacker could leverage a stored XSS payload to automatically sign victims into the attacker’s account, enabling manipulation of challenge outcomes and ...