diff options
Diffstat (limited to 'solve/notes')
| -rw-r--r-- | solve/notes | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/solve/notes b/solve/notes new file mode 100644 index 0000000..dd7661c --- /dev/null +++ b/solve/notes @@ -0,0 +1,14 @@ +Literally RCE as a service with training wheels. + +Get to dynamically dispatch a C# function from JSON descripiton. + +Even the type string is returned to you in the service exception output. + +Once you have code execution its a matter of making the flag accessible +through another endpoint, since the program expects an Image return type, +but GetUser returns a String, so an exception is thrown, preventing +you from getting the output directly in the HTTP response. + +We move the flag to wwwroot/js/flag.js. Need the extension, since +otherwise the strict web router will not allow us to download it. + |