HTB Academy - Web Attacks Lab Assessment

Authenticate with user "htb-student" and password "Academy_student!"

Scenario: You are performing a web application penetration test for a software development company, and they task you with testing the latest build of their social networking web application. Try to utilize the various techniques you learned in this module to identify and exploit multiple vulnerabilities found in the web application.

Source Code Review

Reviewing the source code reveals an API endpoint: /api.php/user

Checking for IDOR

The endpoint is vulnerable to IDOR:
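
As an added illustration (not code from the lab application, whose source is not shown here), the sketch below models the missing object-level authorization check behind an IDOR on /api.php/user next to a corrected handler. The route shape /api.php/user/<uid>, the user records, the is_admin flag and all function names are assumptions constructed for the example.

```python
import re

# Constructed sample records; the real application's data model is not on the page.
USERS = {
    1: {"uid": 1, "username": "alice", "email": "alice@example.test"},
    2: {"uid": 2, "username": "bob", "email": "bob@example.test"},
}

# Assumed route shape: /api.php/user/<numeric uid>
ROUTE = re.compile(r"/api\.php/user/([0-9]+)")


def parse_uid(path):
    """Return the uid named in the path, or None if the path does not match."""
    m = ROUTE.fullmatch(path)
    return int(m.group(1)) if m else None


def get_user_vulnerable(session_uid, path):
    """IDOR: authentication is checked, but the record is chosen by the path alone."""
    if session_uid is None:
        return 401, None
    uid = parse_uid(path)
    if uid is None or uid not in USERS:
        return 404, None
    return 200, USERS[uid]


def get_user_hardened(session_uid, path, is_admin=False):
    """Same lookup with an object-level check binding the record to the session."""
    if session_uid is None:
        return 401, None
    uid = parse_uid(path)
    if uid is None:
        return 404, None
    # Authorize before consulting the store, so a denied caller learns nothing
    # about which uids exist (unknown and foreign uids both yield 403).
    if uid != session_uid and not is_admin:
        return 403, None
    if uid not in USERS:
        return 404, None
    return 200, USERS[uid]


if __name__ == "__main__":
    # Session of uid 1 requesting uid 2's record through each handler.
    print(get_user_vulnerable(1, "/api.php/user/2"))
    print(get_user_hardened(1, "/api.php/user/2"))
```

The identity used for the comparison comes from the server-side session, never from a cookie value, header or body field the client can edit.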

Other Functionalities Assessment
