Tag: ctf
All the articles with the tag "ctf".
- Profile Takeover: Chaining Self-XSS with CSRF
  A Self-XSS in the profile bio editor is harmless on its own. Chain it with a missing CSRF token on the update endpoint and you get cross-user profile takeover.
- Open Redirect: Accessing Internal Pages via Login Redirect
  Exploit an unvalidated redirect parameter on OopsSec Store's login page to reach a restricted internal OAuth callback endpoint.
- Session Fixation: Hijacking an Admin Account Through Support Access
  Exploiting a mass assignment flaw in a support access token endpoint to generate a session for the admin account and access the admin dashboard.
- Insecure Password Reset: Predictable Token Forgery
  Exploit a predictable password reset token generation mechanism to take over any user account.
- XML External Entity Injection: Exploiting a Legacy Supplier Import Endpoint
  Exploiting an insecure XML parser in the supplier order import feature to read arbitrary server-side files and retrieve a flag.
- Plaintext Password Exposure: Exploiting Server Logs via a Hidden SIEM Interface
  Exploiting a forgotten debug statement that logs plaintext passwords and a hidden SIEM dashboard with hardcoded credentials to retrieve a flag.
- Exploiting a Product Search SQL Injection
  How to exploit a vulnerability in a tiny search box to quietly expose an entire database.
- Second-Order SQL Injection: When Trusted Data Turns Hostile
  How a crafted display name stored through a product review becomes a SQL injection payload when an admin filters reviews on the moderation panel.
- Malicious File Upload: Stored XSS via SVG
  Upload a malicious SVG to the admin product image field and get stored XSS that fires for every visitor.
- Brute Force Attack: Exploiting a Login Endpoint With No Rate Limiting
  Brute forcing a user password through an unprotected login endpoint using rockyou.txt.