Intranet - TryHackMe
Description The web application development company SecureSolaCoders has created their own intranet page. The developers are still very young and inexperienced, but they ensured their boss (Magnus...
Scanning Port scanning ┌──(root㉿kali)-[/home/kali/Desktop/mailing] └─# nmap mailing.htb Starting Nmap 7.94 ( https://nmap.org ) at 2024-06-30 19:04 EDT Stats: 0:01:38 elapsed; 0 hosts ...
First, we need to edit the hosts file. echo "10.10.192.152 internal.thm" | sudo tee -a /etc/hosts Scanning Port scanning root@ip-10-10-228-42:~# nmap internal.thm Starting Nmap 7.60 ( h...
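The write-up appends the target to /etc/hosts with a one-liner. Re-running that line after a lab box has been redeployed with a new IP leaves two entries for the same name, and the resolver keeps using the first (stale) one. The following is an added example, not code from the original write-up: an idempotent version that takes the hosts file path as a parameter so it can be tried against a scratch copy first, replaces a stale mapping instead of stacking a second one, and provides a small lookup helper to confirm which IP the file now resolves a name to. The IP and hostname are the ones quoted in the write-up.

```shell
#!/bin/sh
# Added example, not part of the original write-up.
# add_hosts_entry IP NAME [FILE] maps NAME to IP in FILE (default /etc/hosts):
#   - already mapped to this IP  -> no change
#   - mapped to a different IP   -> that line is removed, then the new one appended
#   - not present                -> appended
# Comment lines (# ...) are never touched.

escape_re() {
    # Escape the dots in an IP or hostname so they match literally in an ERE.
    printf '%s' "$1" | sed 's/\./\\./g'
}

add_hosts_entry() {
    ip="$1"; name="$2"; file="${3:-/etc/hosts}"
    ip_re=$(escape_re "$ip"); name_re=$(escape_re "$name")
    # Non-comment line that already maps NAME to IP: nothing to do.
    if grep -Eq "^[[:space:]]*${ip_re}[[:space:]]+([^#]*[[:space:]])?${name_re}([[:space:]]|$)" "$file"; then
        return 0
    fi
    # NAME present on a non-comment line with another IP (stale box): drop that line,
    # rewriting in place via cat so the file's ownership and mode are preserved.
    if grep -Eq "^[^#]*[[:space:]]${name_re}([[:space:]]|$)" "$file"; then
        tmp=$(mktemp) || return 1
        grep -Ev "^[^#]*[[:space:]]${name_re}([[:space:]]|$)" "$file" > "$tmp"
        cat "$tmp" > "$file"
        rm -f "$tmp"
    fi
    printf '%s %s\n' "$ip" "$name" >> "$file"
}

resolve_host() {
    # resolve_host FILE NAME: print the IP of the first non-comment line that lists NAME
    # (the same first-match rule the libc resolver applies); print nothing if absent.
    awk -v n="$2" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$1"
}

# Usage against the real file (needs root, as the write-up's sudo tee did):
#   sudo sh -c '. ./hosts.sh; add_hosts_entry 10.10.192.152 internal.thm'
#   resolve_host /etc/hosts internal.thm
```

Run it against a copy of /etc/hosts first (pass the copy as the third argument) to see what it would change; the update of the real file needs root exactly as the write-up's sudo tee does.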
Table of Contents JWT authentication bypass via unverified signature JWT authentication bypass via flawed signature verification JWT authentication bypass via weak signing key JWT authent...
Table of Contents Excessive trust in client-side controls High-level logic vulnerability Inconsistent security controls Flawed enforcement of business rules Low-level logic flaw Incon...
Table of Contents Unprotected admin functionality Unprotected admin functionality with unpredictable URL User role controlled by request parameter User role can be modified in user profil...
Table of Contents Username enumeration via different responses 2FA simple bypass Password reset broken logic Username enumeration via subtly different responses Username enumeration via...
Table of Contents Basic SSRF against the local server Basic SSRF against another back-end system SSRF with blacklist-based input filter SSRF with filter bypass via open redirection vulner...
Table of Contents Remote code execution via web shell upload Web shell upload via Content-Type restriction bypass Web shell upload via path traversal Web shell upload via extension blackl...
Table of Contents OS command injection, simple case Blind OS command injection with time delays Blind OS command injection with output redirection Blind OS command injection with out-of-b...