mirror of
https://github.com/20kaushik02/CSE545_SS_Work.git
synced 2026-01-25 16:34:05 +00:00
back to project 4
@@ -544,6 +544,8 @@ done
|
|||||||
|
|
||||||
honestly idk just check class vid and script
|
honestly idk just check class vid and script
|
||||||
|
|
||||||
|
### lab 5a - web intro
|
||||||
|
|
||||||
### lab 5a.1 - get command injection
|
### lab 5a.1 - get command injection
|
||||||
|
|
||||||
- unsanitized url query param as grep input
|
- unsanitized url query param as grep input
|
||||||
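Review bot: The added `### lab 5a - web intro` heading is at the same level as `### lab 5a.1 - get command injection` directly below it, so the sub-lab does not nest under its parent in the rendered outline. Consider `####` for the 5a.x entries, or give the new parent heading a one-line summary of what lab 5a covers, since it is currently added with no body.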
@@ -570,3 +572,26 @@ honestly idk just check class vid and script
|
|||||||
|
|
||||||
- not really session hijack, flag is the password, sent in plaintext
|
- not really session hijack, flag is the password, sent in plaintext
|
||||||
- tcpdump access given, done
|
- tcpdump access given, done
|
||||||
|
|
||||||
|
### lab 5b - sql injection
|
||||||
|
|
||||||
|
### lab 5b.1 - sql pass to session
|
||||||
|
|
||||||
|
## Project 04 - continued
|
||||||
|
|
||||||
|
### .16 - arg wars VI - return of the hacker - reattempt
|
||||||
|
|
||||||
|
- backslash isn't filtered
|
||||||
|
- escape the double quote with a backslash to break apart the find command
|
||||||
|
- `/challenge/run "lint\" -exec {} +\""`
|
||||||
|
|
||||||
|
### .17 - arg wars VII - the hacker awakens
|
||||||
|
|
||||||
|
- they filter backtick? idk
|
||||||
|
- idk why but quote needs to be changed
|
||||||
|
- `/challenge/run "\"lint\" -exec {} +"`
|
||||||
|
|
||||||
|
### .18 - arg wars VIII - the last hack
|
||||||
|
|
||||||
|
- went back to being same as .16
|
||||||
|
- idek
|
||||||
|
|||||||
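Review bot: The .17 and .18 entries record that an input worked but not why ("idk why but quote needs to be changed", "idek"), and .18 says "went back to being same as .16" without stating which filter behaviour matched. Record what each challenge's filter rejects, the way .16 does with "backslash isn't filtered", so the notes capture the quoting flaw and not only the input. `### lab 5b - sql injection` and `### lab 5b.1 - sql pass to session` are also added with nothing under them; fill them in or hold them back until there is content. If, as the .16 note implies, the argument is spliced into a double-quoted find command string, a line on the corresponding fix (passing the argument as its own argv element instead of building a shell string) would round out the section.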