Micro-CMS v1

January 23, 2024

If you edit the first one in the list and you change the number in the directory in link. You can see the forbidden page. Basically change the /1 to /7

Then the next one we are going to use SQL injection to the same parameter

After you did this it will return the flag

Next we will use cross site scripting attack to the input box of the website

After you save just go back to the front page click Go Home button

The last flag we need to edit the second page which is the markdown test

Then we will edit the button to make it onclick then use alert

After that we will view the flag in the inspect side where the button is located