🚩
Anthony Morell's Gitbook
Capture The Flag
CertificationsCapture The FlagBug BountiesHome
Capture The Flag
CertificationsCapture The FlagBug BountiesHome
  • 🖥️CTF Writeups
  • 🟦TryHackMe
    • THM Overview
      • Reverse Engineering
      • Game Server
      • Obscure Web Vulns
      • UltraTech
      • Linux Privilege Escalation
      • The Marketplace
      • RootMe
      • Agent Sudo
      • Startup
      • Lian_Yu
      • Advent of Cyber 2022
        • [Day 1] Frameworks
        • [Day 2] Log Analysis
        • [Day 3] OSINT
        • [Day 4] Scanning
        • [Day 5] Brute-Forcing
        • [Day 6] Email Analysis
        • [Day 7] CyberChef
        • [Day 8] Smart Contracts
        • [Day 9] Pivoting
        • [Day 10] Hack a game
        • [Day 11] Memory Forensics
        • [Day 12] Malware Analysis
        • [Day 13] Packet Analysis
        • [Day 14] Web Applications
        • [Day 15] Secure Coding
        • [Day 16] Secure Coding
        • [Day 17] Secure Coding
        • [Day 18] Sigma
        • [Day 19] Hardware Hacking
        • [Day 20] Firmware
        • [Day 21] MQTT
        • [Day 22] Attack Surface Reduction
        • [Day 23] Defence in Depth
        • [Day 24] The End
  • 🟫PentesterLab
    • PL Overview
      • Recon Badge
        • Badge Solutions
  • 🟩Hack The Box
    • HTB Overview
      • HTB Post
  • 🟧BurpSuite Academy
    • BSA Overview
      • GraphQL API vulnerabilities
        • Accessing private GraphQL posts
        • Accidental exposure of private GraphQL fields
        • Finding a hidden GraphQL endpoint
  • 🏁Competitions
    • Competition Overview
      • GM Bug Bounty Competition
Powered by GitBook
On this page
  1. TryHackMe
  2. THM Overview
  3. Advent of Cyber 2022

[Day 14] Web Applications

December 14, 2022

Previous[Day 13] Packet AnalysisNext[Day 15] Secure Coding

Last updated 2 years ago

Today I am reviewing OWASP's top 10 vulnerabilities and specifically the IDOR vulnerability. First I log into the web application with the given credentials.

Next, I increment the values in the URL.

Once I find that flag I inspect the webpage and find an /images directory. I paste that information into the browser and increment/decrement the values in the URL. I am then granted the flag for this challenge.

Here is my sad drawing that illustrates the IDOR vulnerability being used in different folders from the web application. Since we cannot retrieve the flag from the same directory, we have another known directories /images found from inspecting the webpage.

Flags

What is the office number of Elf Pivot McRed?

134

Not only profile pages but also stored images are vulnerable. Start with a URL of a valid profile image; what is the hidden flag?

THM{CLOSE_THE_DOOR}

🟦
  • Flags
  • What is the office number of Elf Pivot McRed?
  • Not only profile pages but also stored images are vulnerable. Start with a URL of a valid profile image; what is the hidden flag?