1. Executive Summary Vulnerability: URL-based Access Control Bypass (HTTP Header Spoofing). Description: The application framework supports non-standard HTTP headers (specifically X-Original-URL)...

1. Executive Summary Vulnerability: Mass Assignment (also known as Over-Posting). Description: The application framework automatically binds (maps) incoming JSON data to internal object fields. Be...

1. Executive Summary Vulnerability: Broken Access Control (Parameter Tampering). Description: The application determines the user’s privilege level based on a cleartext HTTP cookie (Admin=false). ...

1. Executive Summary Vulnerability: Unprotected Admin Functionality (Security by Obscurity). Description: The application attempts to secure the admin panel by using a long, random, unpredictable ...

1. Executive Summary Vulnerability: Unprotected Admin Functionality (Broken Access Control). Description: The application relies on “Security by Obscurity” by hiding the administration panel’s URL...

Introduction In this machine, I discovered an HTTP service running on port 80 and performed enumeration using Gobuster and manual inspection. This revealed a Monstra 3.0.4 CMS instance, which I acc...

Introduction In this guide, I discovered an HTTP service running on port 33414 and enumerated its API endpoints using Gobuster. By targeting the file-upload endpoint, I was able to upload files to ...

Introduction During enumeration, I identified ports 80, 33017, and 22 as open. Exploring the web services, I found a file manager that required email confirmation for my newly created user. Using B...

Introduction In this walkthrough, I encountered a WordPress site and gained access using credentials discovered in SMB shares. Once authenticated, I edited the index.php file of the active theme t...

Introduction In this walkthrough, I worked on an Intermediate Windows machine on HTB. I started by exploiting a CSRF vulnerability to craft a malicious password reset link and delivered it to a us...