Solution to SECCON 2017 Log Search

11/12/17 — capitol

logs

name:

Log search

category:

web

points:

100

Writeup

We go a link to an empty site with the words “Find the flag!”.

Looking at the source we found a link to another page.

That was a search page for accesses to the webpage. Searching for flag gave us this url: http://logsearch.pwn.seccon.jp/flag-b5SFKDJicSJdf6R5Dvaf2Tx5r4jWzJTX.txt

flag was SECCON{N0SQL_1njection_for_Elasticsearch!}