[RedPwnCTF 2020] Viper
02 Jul 2020 by - Vie
- Steal admin CSRF token from
- Poison redis cache with a viper page that fires a request to
admin/createto modify viper page
- Report viper page to admin
- Revisit viper page after admin to get flag
The full challenge writeup can be found here.