Корпоративное хранилище (Corporate Storage)

hackerlab

Task: Flask file storage app with source code provided. Solution: Exploited HTTP Parameter Pollution combined with IDOR - the app uses first user_id for database query but last user_id for access check, allowing access to admin files by passing two user_id parameters.

idor authorization_bypass api parameter_pollution

idor_exploitationhttp_parameter_pollutionaccess_control_bypass

$ ls tags/ techniques/

idor authorization_bypass api parameter_pollution

idor_exploitationhttp_parameter_pollutionaccess_control_bypass

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Ghost Cloud— hackerlab
[web][Pro]90 - Самое надежное хранилище (The Most Secure Storage)— duckerz
[web][Pro]Привилегированный гость (Privileged Guest)— hackerlab
[web][Pro]SecretKeeper— hackerlab
[web][Pro]Обычная страница— hackerlab