psifertex/ctf-vs-the-real-world

Informational Repository tracking times that real world bugs have come out of CTF challenges intentionally or otherwise

ctf-vs-the-real-world

Informational Repository tracking times that real world bugs have come out of CTF challenges intentionally or otherwise

1. CVE-2016-5007

   • https://www.intrinsec.com/cve-2016-5007-spring-security-mvc-path-matching-inconsistency/

2. CVE-2020-6512 (unconfirmed CTF background)

   • https://twitter.com/dmxcsnsbh/status/1643105597276188672

3. CVE-2020-27348

   • https://github.com/osirislab/CSAW-CTF-2019-Quals/tree/master/web/buyify

4. CVE-2020-27348

   • https://twitter.com/itszn13/status/1369396838646833159

5. CVE-2012-1823

   • http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
   • Unintended

6. Bunyan's Revenge

   • https://ctftime.org/task/373
   • https://www.usenix.org/sites/default/files/conference/protected-files/enigma_slides_nighswander.pdf
   • Intended Solution

7. Lollerska8ters FreeBSD 0day

   • http://dubai2013.honeynet.org/briefings.html#talk8
   • Brought for extra pwnage during AD CTF

8. Pirate Danbi

   • https://twitter.com/beist/status/577214235073089536
   • https://github.com/ctfs/write-ups-2015/tree/master/codegate-ctf-2015/reversing/pirate-danbi

9. Several from Google CTF 2019:

   • Gomium Browser
   • https://github.com/google/google-ctf/blob/master/2019/finals/solutions.pdf
   • CVE-2019-18276
   • https://nvd.nist.gov/vuln/detail/CVE-2019-18276
   • https://github.com/google/google-ctf/blob/master/2019/finals/solutions.pdf
   • gPhotos2
   • https://blog.bushwhackers.ru/googlectf-2019-gphotos-writeup/
   • (unintended, used different than expected image magick vulns!)
   • intended, but also real-world imagemagick 0day: https://blog.kaibro.tw/2019/11/05/Google-CTF-2019-Final-%E9%81%8A%E8%A8%98/

10. 35C3 CTF Entire category of 0day challenges (zajebiste).

    • https://archive.aachen.ccc.de/35c3ctf.ccc.ac/challenges/index.html
    • But there were many other unintended vulnerabilities found and used instead throughout the CTF! https://twitter.com/_niklasb/status/1111624505615675392?s=19
    • https://twitter.com/_niklasb/status/1121804193839427584?s=19
    • CVE-2019-2556
    • https://twitter.com/j0nathanj/status/1085587860315693057?s=19

11. Many CTF challenges have inspired real-world bug finding:

    • https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html?m=1

12. CVE-2019-2684

    • https://i.blackhat.com/eu-19/Wednesday/eu-19-An-Far-Sides-Of-Java-Remote-Protocols.pdf

13. https://bugs.chromium.org/p/chromium/issues/detail?id=1077139

14. CVE-2011-2018

    • https://j00ru.vexillium.org/papers/2012/cve_2011_2018.pdf

TODO

• Sortable/better table format
• Standard tags for different types of interactions (used as legit challenge, found accidentally, used against infra, etc)