Web Attacks - Skills Assessment
Last updated
We could actually see that we have the uid 74.
When we try to change the uid cookie to 75, we get a different user.
Now we try to intercept this page.
Send it to Intruder.
We found nothing above.
But I found the API.
Send it to Repeater.
Change the password of that user.
As we fuzz the website, we can see reset.php, which is the reset page.
Then I just tried this reset and looked at the parameters.
Then we can just reset the password of admin using a GET method.
Or:
Username from Burp when we are brute-forcing the APIs.
Now just log in as admin.
Click Add Event.
We can see there is an XXE, or XML, that is being transferred.
Just use the PHP base64 encode to encode the file /flag.php.
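For the defending side of the last step, here is an added example (not code from the write-up or from the assessment target) of how the "add event" endpoint could parse its XML so that an injected DOCTYPE/entity is rejected instead of expanded; the document shape `<event><title/><date/></event>` and the file path in the sample are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the write-up or the assessment target.
// Hardened parsing of the "add event" XML: any DOCTYPE is refused, external
// entity loading is off, and entities are never substituted.
// Assumed document shape: <event><title/><date/></event>.

function parse_event_xml(string $xml): ?array
{
    // The event form never needs a DOCTYPE, and a DOCTYPE is the only place
    // an (external) entity can be declared, so reject any document with one.
    if (stripos($xml, '<!DOCTYPE') !== false) {
        return null;
    }

    // PHP < 8.0 resolves external entities unless this is switched off;
    // PHP >= 8.0 already disables the loader by default.
    if (PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader(true);
    }
    $prevErr = libxml_use_internal_errors(true);

    $dom = new DOMDocument();
    // LIBXML_NONET blocks network fetches; LIBXML_NOENT is deliberately
    // absent, so entity references are left unexpanded even if present.
    $loaded = $dom->loadXML($xml, LIBXML_NONET);

    libxml_clear_errors();
    libxml_use_internal_errors($prevErr);

    if (!$loaded || $dom->documentElement === null
        || $dom->documentElement->tagName !== 'event') {
        return null;
    }

    $title = $dom->getElementsByTagName('title')->item(0);
    $date  = $dom->getElementsByTagName('date')->item(0);
    if ($title === null || $date === null) {
        return null;
    }

    return ['title' => $title->textContent, 'date' => $date->textContent];
}

// Constructed inputs: a benign event, and one carrying an external entity
// that points at a placeholder path (not a real file on any target).
$benign   = '<event><title>Team meeting</title><date>2024-05-01</date></event>';
$injected = '<!DOCTYPE event [<!ENTITY ext SYSTEM "file:///tmp/placeholder.txt">]>'
          . '<event><title>&ext;</title><date>2024-05-01</date></event>';

var_dump(parse_event_xml($benign));
var_dump(parse_event_xml($injected));
```

The second call returns null before libxml ever sees the document, which is the behaviour a detection rule on this endpoint should also key on: a DOCTYPE in a request body that never legitimately contains one.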