In the Wild Wild Web, there are really bad guys. The sheriff doesn’t know them all. Therefore, he needs your help.
Upload pictures of criminals to this site and help the sheriff to arrest them.
You can make this Wild Wild Web much less wild!!!

Pictures will be deleted on regular basis!

At link we can see usual upload form.

After uploading jpeg with nice car, we can see that some data from picture were extracted.

The first idea – try to manipulate with exif data of the jpeg.

➜ ~ exiftool -Make="'test" car.jpg
    1 image files updated

After this try we see db error page – nice job :)


Let’s skip non-interesting parts of survey :) After some manipulations with “Model” tag  I guessed rows count in insert – 6. After this by injecting into EXIF

make',  ( SELECT group_concat(concat_ws(0x3a,name, password)) FROM users) ), (1, 2, 3, 4, '5

I got users with their passwords.

Trying to log in via admin user: success!

The flag is flag{1_5h07_7h3_5h3r1ff}