webeasy
Творение безумца (Work of a Madman)
hackerlab
Task: PHP application with source code provided. Solution: Found hardcoded credentials and exploited parse_str() query string injection to set admin role in session.
$ ls tags/ techniques/
phpsession_manipulationauthentication_bypasshardcoded_credentialssource_code_analysisparse_strquery_string_injectionrole_bypassinsecure_sessionuser_controlled_input
Source code analysis for credential discoveryQuery string parameter injection via parse_str()Session role manipulationAuthentication bypass with hardcoded credentials
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Create a free account with GitHub, then upgrade to Pro.
$ssh [email protected]