Tag: writeup
All the articles with the tag "writeup".
-
Exploiting a Product Search SQL Injection
How to exploit a vulnerability in a tiny search box to quietly expose an entire database.
-
Second-Order SQL Injection: When Trusted Data Turns Hostile
How a crafted display name stored through a product review becomes a SQL injection payload when an admin filters reviews on the moderation panel.
-
Malicious File Upload: Stored XSS via SVG
Upload a malicious SVG to the admin product image field and get stored XSS that fires for every visitor.
-
Brute Force Attack: Exploiting a Login Endpoint With No Rate Limiting
Brute forcing a user password through an unprotected login endpoint using rockyou.txt.
-
Broken Object Level Authorization: Accessing Private Wishlists
A BOLA vulnerability in OopsSec Store's wishlist API lets any logged-in user read anyone else's private wishlist, including an admin one that contains the flag.
-
Prompt Injection: Extracting Secrets from the AI Assistant
A walkthrough of prompt injection attacks against OopsSec Store's AI assistant, bypassing its input filters to extract a flag from the system prompt.
-
SQL Injection via X-Forwarded-For Header: Exploiting IP Tracking
The app tracks visitor IPs via the X-Forwarded-For header and drops the raw value into a SQL query. Here's how to exploit it.
-
Stored XSS in Product Reviews
Exploiting stored cross-site scripting in OopsSec Store's product review functionality to execute JavaScript in every visitor's browser.
-
JWT Weak Secret: Cracking the Key to Forge Admin Access in OopsSec Store
Exploiting a JWT implementation that uses a weak signing secret to crack the key, forge admin credentials, and access restricted endpoints.
-
Chaining SQL Injection and Weak MD5 Hashing to Compromise the Admin Account
Exploiting a database leak combined with weak MD5 password hashing to gain admin access.
