Author: ilyree
Last week we fired an intern at Girlie Pop INC for stealing too much food from the office. It seems they didn’t know much about secure software development either…
The lovely @dipamsen solved this one
He found the path traversal https://girly.ctf.rusec.club/view?page=../app.py along with @gutlogemur found the exposed .git/ directory and then used git-dumper to dump the repo
The flag was in the README.md of the repo
I didn’t really need this to write this writeup but I wanted to mention git-dumper
Reply by Email