Skip to content
This repository was archived by the owner on Mar 3, 2020. It is now read-only.
This repository was archived by the owner on Mar 3, 2020. It is now read-only.

Bug: Unintended access to scoreboard. #492

Open
@websecctf

Description

@websecctf

Today, before launching a practice CTF, our team downloaded the git project of FBCTF. During this we wanted to see if we could pull the scoreboard data and then display it in our main website as the CTF goes on. We actually thought this was intentional but turns out it was not. While talking with one of the project developers, it was found that scoreboard access without logging in is not up yet. The way to access this scoreboard is as follows:

index.php?p=scoreboard&modal=scoreboard. Basically if you use the CTF link for example say your CTF is up at practicectf.com then simply going to practicectf.com/index.php?p=scoreboard&modal=scoreboard will give you the scoreboard details.

I don't think its a major issue.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions