webmedium

Powergrid Challenge

necronet

Task: Patch a CRLF injection vulnerability in a flat-file user database that allows privilege escalation. Solution: Identify that the addUser() function lacks input validation on username, allowing pipe and newline injection to create admin entries in the pipe-delimited users.txt, then add isValidUsername() validation and deploy the fix via Socket.IO file save API.

$ ls tags/ techniques/
input_validationprivilege_escalationcrlf_injectionsocketiowebsocketflat_file_db
privilege_escalationcrlf_injectioncode_patchingwebsocket_exploitation
🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]