webProeasy

Lab 300 — PlanForge — Broken Authentication via Hidden Trial Activation

hackadvisor

Task: Project planning SaaS with free/premium tiers, flag accessible only to premium users. Solution: Analyzed JavaScript source to find commented-out trial activation endpoint, called hidden API to upgrade to premium, accessed analytics page containing the flag.

$ ls tags/ techniques/

javascript_analysis api_abuse honeypot broken_access_control hidden_endpoint trial_bypass

javascript_source_analysissubscription_tier_bypasscommented_endpoint_discoveryhidden_api_exploitation

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 217 — PlanForge — Broken Authorization in Subscription Upgrade— hackadvisor
[web][Pro]Lab 116 — InsightForge — IDOR via Undocumented Internal API— hackadvisor
[web][Pro]Lab 291 — HireFlow — Broken Authorization in Premium Feature Endpoints— hackadvisor
[web][Pro]Lab 133 — MailForge — SSTI via Handlebars Template Preview— hackadvisor
[web][Pro]Lab 320 — BuildForge — Path Traversal to RCE via CLI @File Expansion— hackadvisor