webeasy

Нулевой заказ (Null Order)

hackerlab

Task: Order Manager web app with hidden API parameters in JavaScript. Solution: Analyzed JS code to find ext parameter, changed file extension from .order to .txt to read flag file via Arbitrary File Read.

$ ls tags/ techniques/
javascript_analysislfiphparbitrary_file_readfile_extension_manipulationparameter_tampering
Arbitrary File Read via extension parameter manipulationClient-side JavaScript analysis for hidden parameters
🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]