webPromedium
90 - Самое надежное хранилище (The Most Secure Storage)
duckerz
Task: Go file storage with JWT authentication. Solution: Mass assignment to set is_paid=true during registration, then path traversal via unsanitized folderName parameter to read flag.txt from root directory.
$ ls tags/ techniques/
mass_assignment_bypasspath_traversal_via_parameterjwt_authentication
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Sign in with GitHub to continue. No email required.
$sign in$ grep --similar
Similar writeups
- [web][Pro]76 - Надежное хранилище (Reliable Storage)— duckerz
- [web][Pro]Сила воли (Willpower)— duckerz
- [web][Pro]Печеньки с молочком (Cookies with Milk)— duckerz
- [web][Pro]Арифметика (Arithmetic)— duckerz
- [web][Pro]Ghost Cloud— hackerlab