pwn.college Dojo Symlink-Based Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in pwn.college Dojo versions through 1f0b1f22c971edd5d883632fb2346d9c6f8b8535. The issue arises from incorrect checks on symlinks in user-specified dojos, allowing users to access sensitive files from the CTFd container. When repositories are cloned or updated, the platform checks for symlinks. A malicious user could create a repository with symlinks pointing to sensitive files, which could then be retrieved via the CTFd website.
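A check of the kind this issue calls for, as an added example (it is not pwn.college Dojo's code or its fix): scan a cloned repository for symlinks whose fully resolved target leaves the repository, and re-check containment when a file is read. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile


def _inside(root, path):
    """True if the fully resolved path is root itself or lies beneath it."""
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def find_escaping_symlinks(repo_root):
    """List repo-relative symlinks whose final target is outside repo_root."""
    root = os.path.realpath(repo_root)
    offenders = []
    # followlinks=False: never descend through a symlinked directory.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Symlinks to directories show up in dirnames, so scan both lists.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            # realpath follows the whole chain (link -> link -> target).
            if os.path.islink(path) and not _inside(root, path):
                offenders.append(os.path.relpath(path, root))
    return sorted(offenders)


def read_repo_file(repo_root, rel_path):
    """Re-check containment at read time instead of trusting an earlier scan."""
    root = os.path.realpath(repo_root)
    if not _inside(root, os.path.join(root, rel_path)):
        raise PermissionError(f"{rel_path} resolves outside the repository")
    with open(os.path.join(root, rel_path), "rb") as f:
        return f.read()


def build_sample_repo(root):
    """Constructed sample: one link that stays inside, three that do not."""
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "dojo.yml"), "w") as f:
        f.write("id: example\n")
    os.symlink("../dojo.yml", os.path.join(root, "docs", "config.yml"))
    os.symlink("/etc/passwd", os.path.join(root, "README.md"))
    os.symlink("/etc", os.path.join(root, "docs", "etc"))
    os.symlink("../README.md", os.path.join(root, "docs", "chain.md"))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        repo = build_sample_repo(os.path.join(tmp, "repo"))
        print(find_escaping_symlinks(repo))
```

Resolving the final target rather than inspecting the link text is what catches the chained link `docs/chain.md`, whose immediate target is a path inside the repository.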

Impact

Exploitation of this vulnerability allows for local file inclusion, potentially exposing server secrets and other sensitive files.

Reproduction

To reproduce this vulnerability, initialize a new Git repository and create a 'dojo.yml' file. Then, create a symlink in the repository that points to a sensitive file, such as '/etc/passwd'. After committing and pushing the changes to GitHub, create a dojo from the repository. Finally, navigate to the main page of the dojo to access the contents of the linked file.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.3
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.