Below you can find my solution for Good Morning and OptiProxy tasks from Boston Key Party CTF 2016.
Proof of Concept:
We have SQL Injection because of
Here you can find explanation for this (page 36).
My solution (you need websocket-client):
As you can read here ruby
open function is very dangerous.
So we can omit
uri_scheme check if we can create
http: directory inside temp dir.
wget is used with param
This option causes Wget to download all the files that are necessary to properly display a given HTML page. This includes such things as inlined images, sounds, and referenced stylesheets.
we can create this dir using