Tag: ctf
All the articles with the tag "ctf".
- Broken Object Level Authorization: Accessing Private Wishlists
  A BOLA vulnerability in OopsSec Store's wishlist API lets any logged-in user read anyone else's private wishlist, including an admin one that contains the flag.
- Prompt Injection: Extracting Secrets from the AI Assistant
  A walkthrough of prompt injection attacks against OopsSec Store's AI assistant, bypassing its input filters to extract a flag from the system prompt.
- SQL Injection via X-Forwarded-For Header: Exploiting IP Tracking
  The app tracks visitor IPs via the X-Forwarded-For header and drops the raw value into a SQL query. Here's how to exploit it.
- Stored XSS in Product Reviews
  Exploiting stored cross-site scripting in OopsSec Store's product review functionality to execute JavaScript in every visitor's browser.
- JWT Weak Secret: Cracking the Key to Forge Admin Access in OopsSec Store
  Exploiting a JWT implementation that uses a weak signing secret to crack the key, forge admin credentials, and access restricted endpoints.
- Chaining SQL Injection and Weak MD5 Hashing to Compromise the Admin Account
  Exploiting a database leak combined with weak MD5 password hashing to gain admin access.
- Insecure Direct Object Reference: Unauthorized Order Access
  How changing one number in the URL lets you read anyone's order on OopsSec Store.
- Server-Side Request Forgery: Accessing Internal Pages via Support Form
  Exploiting a server-side request forgery vulnerability in OopsSec Store's support form to access restricted internal pages.
- Client-Side Price Manipulation
  Exploiting a server-side validation failure in OopsSec Store's checkout process to purchase products at arbitrary prices.
- Mass Assignment: Admin Privilege Escalation via Signup
  Exploiting a mass assignment vulnerability in OopsSec Store's signup endpoint to create an account with administrator privileges.