CVE-2020-5290

In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim teams who solve the challenge are unknowingly (and against their will) signed into the attacker team's account. Then, the attacker can gain points / value off the backs of the victims. This is patched in version 2.3.

In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim teams who solve the challenge are unknowingly (and against their will) signed into the attacker team's account. Then, the attacker can gain points / value off the backs of the victims. This is patched in version 2.3.

En RedpwnCTF versiones anteriores a 2.3, se presenta una vulnerabilidad de fijación de sesión explotable por medio del hash "#token=$ssid" cuando se realiza una petición al endpoint "/verify". Un equipo atacante podría potencialmente robar flags, por ejemplo, explotando una carga útil de tipo XSS almacenado en un desafío CTF para que los equipos víctimas que resuelvan el desafío, sin saberlo (y en contra de su voluntad) hayan iniciado sesión en la cuenta team's del atacante. Entonces, el atacante puede conseguir puntos y valores a las espaldas de las víctimas. Esto está parcheado en versión 2.3.