webProeasy
Нулевой заказ (Null Order)
hackerlab
Task: Order Manager web app with hidden API parameters in JavaScript. Solution: Analyzed JS code to find ext parameter, changed file extension from .order to .txt to read flag file via Arbitrary File Read.
$ ls tags/ techniques/
Arbitrary File Read via extension parameter manipulationClient-side JavaScript analysis for hidden parameters
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Sign in with GitHub to continue. No email required.
$sign in$ grep --similar
Similar writeups
- [web][Pro]Секрет (Secret)— hackerlab
- [web][Pro]Заметки (Notes)— hackerlab
- [web][Pro]board_of_secrets— miptctf
- [web][Pro]Обычная страница— hackerlab
- [web][Pro]PDF Library— hackerlab