ChimpChat

Your goal is to find a way to execute JavaScript on the admin's browser and steal their flag cookie. The admin bot will visit any post URL you report via the interface.

Note: This challenge simulates a real-world scenario with strict Content Security Policy (CSP) and session isolation.

Deployment

Run the following command in the project root:
```
docker compose up --build
```
Access the application at: http://localhost:1808

CTFd Description

Go chat in ChimpChat!

Solution

For a detailed walkthrough of the vulnerabilities and exploitation steps, see writeup.md.

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
public		public
views		views
.dockerignore		.dockerignore
.gitignore		.gitignore
Dockerfile		Dockerfile
README.md		README.md
bot.js		bot.js
docker-compose.yml		docker-compose.yml
package.json		package.json
server.js		server.js
writeup.md		writeup.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ChimpChat

Deployment

CTFd Description

Solution

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

ChimpChat

Deployment

CTFd Description

Solution

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages