Total
Overview
SCENARIO
A beginner developer built a simple color palette generator. Visit the page, pick a background color, pick a text color, and watch the interface update. There are no user accounts, no file uploads, no database queries, and no complex business logic. Just colors. The developer is confident that an application this simple could not possibly have any serious security issues worth worrying about.
You have full access to the source code. The application itself is minimal, and most of what it does is straightforward. But simplicity in application logic does not always mean simplicity in attack surface. Before you focus on what the code does, take a close look at what it is built on. The choice of framework and the specific version in use tells a story of its own.
Read the dependencies, do your research, and figure out how a color palette generator ends up being more dangerous than it looks.
Flag format: flag{}
Infrastructure
- Docker Container — HTTP on port 8000
Provided Files
- total.zip (6.7 KB)