webProhard

Запретный код (Forbidden Code)

hackerlab

Task: PHP app with login/registration and failed login logging. Solution: Stored XSS via User-Agent header injection combined with CSRF password change to take over admin account.

$ ls tags/ techniques/

php stored_xss csrf xss_csrf_chain user_agent_injection password_change admin_takeover bot_exploitation client_side_attack login_logging html_comment_leak

Stored XSS via User-Agent header injectionCSRF for password change without token protectionXSS+CSRF attack chain for admin account takeoverBot exploitation (waiting for admin to trigger payload)

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Запретный код 2 (Forbidden Code 2) — HackerLab— hackerlab
[web][Pro]Провальный код (Failed Code)— hackerlab
[web][Pro]Доступ запрещён (Access Denied)— hackerlab
[web][Pro]Звездный сейф (Star Safe)— hackerlab
[web][Pro]Ограничения (Restrictions)— hackerlab