🐝OWASP Top 10

https://app.hackthebox.com/tracks/OWASP-Top-10

Looking glass

First, let's see what the website does with a simple submit:

Since it's very simple, I'll try the basic separator/command injection RCE ->

Let's try to dig more:

10.30.12.231; ls -al ../

That's probably it ->

10.30.12.231; cat  ../flag_Sw2ZZ

So not too much to think about here; on to the next one.

sanitize

😂

Happy to have my basics 😂

baby auth

Register with any username, grab your session ID token and decode it from base64 in CyberChef -> change the name parameter to admin and encode it back to base64.

Then swap in the modified session ID in the browser's inspector and enjoy:
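To make clear why the baby auth trick works, here is an added example (my own code, not from the challenge or HTB): the weak scheme stores the session as bare base64 JSON, so anyone can decode, edit the name field and re-encode; the hardened version appends an HMAC under a server secret (the SECRET value and the field names here are constructed for illustration), so the same edit is rejected.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed server-side secret for this example only; a real deployment
# generates one at install time and never sends it to the client.
SECRET = b"example-secret-do-not-reuse"


def issue_unsigned(name: str) -> str:
    """Weak scheme: the session token is just base64 of a JSON blob."""
    return base64.urlsafe_b64encode(json.dumps({"name": name}).encode()).decode()


def read_unsigned(token: str) -> str:
    """Server trusts whatever decodes, so a rewritten 'name' is accepted."""
    return json.loads(base64.urlsafe_b64decode(token))["name"]


def issue_signed(name: str) -> str:
    """Hardened: payload plus an HMAC-SHA256 over it, keyed with SECRET."""
    payload = base64.urlsafe_b64encode(json.dumps({"name": name}).encode()).decode()
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def read_signed(token: str) -> Optional[str]:
    """Return the name only if the MAC verifies; None means tampered or malformed."""
    try:
        payload, mac = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    # constant-time comparison so the check does not leak via timing
    if not hmac.compare_digest(expected, mac):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))["name"]


def tamper(token: str, new_name: str) -> str:
    """The CyberChef steps from the write-up: decode, edit name, re-encode.

    Any trailing MAC is left untouched, which is exactly why it no longer matches."""
    parts = token.split(".", 1)
    data = json.loads(base64.urlsafe_b64decode(parts[0]))
    data["name"] = new_name
    parts[0] = base64.urlsafe_b64encode(json.dumps(data).encode()).decode()
    return ".".join(parts)
```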
