[Day 14] Web Applications
December 14, 2022
Today I am reviewing OWASP's Top 10 vulnerabilities, specifically the IDOR (Insecure Direct Object Reference) vulnerability. First I log into the web application with the given credentials.
Next, I increment the values in the URL.
Once I find that flag, I inspect the webpage and find an /images directory. I paste that path into the browser and increment/decrement the values in the URL. I am then granted the flag for this challenge.
Here is my sad drawing that illustrates the IDOR vulnerability being used across different folders of the web application. Since we cannot retrieve the flag from the same directory, we use another known directory, /images, found by inspecting the webpage.
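To make the root cause concrete, here is an added example (not code from the challenge or from this write-up) that models the profile and image lookups as a vulnerable handler beside a hardened one. The user records, sequential ids and function names are constructed for illustration; the fix is to resolve the object through the authenticated session and verify ownership, not just that the caller is logged in.

```python
# Added example: minimal model of an IDOR in profile/image lookups and its fix.
# All data and names below are constructed; nothing here comes from the challenge.
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    user_id: int
    name: str
    office: str
    image_id: int


# Constructed sample data: ids are sequential, so easy to guess by incrementing.
PROFILES = {
    101: Profile(101, "Elf A", "Office 12", 1),
    102: Profile(102, "Elf B", "Office 34", 2),
}
IMAGES = {1: b"PNG-bytes-for-user-101", 2: b"PNG-bytes-for-user-102"}


class Forbidden(Exception):
    pass


def get_profile_vulnerable(session_user_id: int, requested_id: int) -> Profile:
    # Vulnerable: only "is logged in" is checked; the id from the URL is trusted,
    # so any profile is reachable by changing the number.
    if session_user_id not in PROFILES:
        raise Forbidden("not logged in")
    return PROFILES[requested_id]


def get_profile_fixed(session_user_id: int, requested_id: int) -> Profile:
    # Fixed: the requested object must belong to the authenticated session user.
    if session_user_id not in PROFILES:
        raise Forbidden("not logged in")
    if requested_id != session_user_id:
        raise Forbidden("object does not belong to the session user")
    return PROFILES[requested_id]


def get_image_fixed(session_user_id: int, image_id: int) -> bytes:
    # The same ownership check applies to the /images path: existence of the
    # image id is not enough, it must be the one linked to the session user.
    profile = PROFILES.get(session_user_id)
    if profile is None or profile.image_id != image_id:
        raise Forbidden("image is not owned by the session user")
    return IMAGES[image_id]


def denied(fn, *args) -> bool:
    # Helper so callers can check "was this request refused?" as a boolean.
    try:
        fn(*args)
    except Forbidden:
        return True
    return False
```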
Flags
What is the office number of Elf Pivot McRed?
134
Not only profile pages but also stored images are vulnerable. Start with a URL of a valid profile image; what is the hidden flag?
THM{CLOSE_THE_DOOR}