webProeasy

Поддержка от банка (Bank Support)

duckerz

Task: Bank support chat system with MD5-hashed sequential chat IDs. Solution: IDOR exploitation by predicting MD5 hashes of sequential numbers to access other users' chats and find leaked credentials.

$ ls tags/ techniques/
access_controlidorsessionmd5chat
idor_exploitationhash_predictionsequential_id_enumeration
🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Sign in with GitHub to continue. No email required.

$sign in

$ grep --similar

Similar writeups