Medium
200 Points
Insecure Configuration
Challenge Description
This server has multiple security misconfigurations including directory listing, missing security headers, and dangerous CORS policies. Explore the vulnerabilities to find sensitive files and capture the flag.
Objective: Exploit misconfigurations to access sensitive files and find the hidden flag. The flag format is FLAG{...}
Directory Listing (Enabled!)
Browse the server file system. Directory listing should be disabled in production.
Path:
/Directory
Vulnerable: Directory listing is enabled! This should be disabled in production.
Security Headers Analysis
Analyze HTTP response headers for security misconfigurations.
CORS Configuration Check
Test Cross-Origin Resource Sharing configuration.