cyberhub.es
Tag: Apprentice

User ID controlled by request parameter with data leakage in redirect

Description This lab contains an access control vulnerability where sensitive information is leaked in the body of a redirect response. To solve the lab, obtain the API key for the user carlos and submit it as the solution. You can log in to your own account using the following credentials: wiener:peter User ID controlled by request parameter with […]

User ID controlled by request parameter, with unpredictable user IDs

Description This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs. To solve the lab, find the GUID for carlos, then submit his API key as the solution. You can log in to your own account using the following credentials: wiener:peter User ID controlled by request parameter, with unpredictable […]

User ID controlled by request parameter

Description This lab has a horizontal privilege escalation vulnerability on the user account page. To solve the lab, obtain the API key for the user carlos and submit it as the solution. You can log in to your own account using the following credentials: wiener:peter User ID controlled by request parameter writeup When we enter the website […]

User role can be modified in user profile

Description This lab has an admin panel at /admin. It’s only accessible to logged-in users with a roleid of 2. Solve the lab by accessing the admin panel and using it to delete the user carlos. You can log in to your own account using the following credentials: wiener:peter User role can be modified in user profile writeup On entering […]

User role controlled by request parameter

Description This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie. Solve the lab by accessing the admin panel and using it to delete the user carlos. You can log in to your own account using the following credentials: wiener:peter User role controlled by request parameter writeup When we enter the lab we will find […]

Unprotected admin functionality with unpredictable URL

Description This lab has an unprotected admin panel. It’s located at an unpredictable location, but the location is disclosed somewhere in the application. Solve the lab by accessing the admin panel, and using it to delete the user carlos. Unprotected admin functionality with unpredictable URL writeup When we enter the website we will find an online shop. […]

Unprotected admin functionality

Description This lab has an unprotected admin panel. Solve the lab by deleting the user carlos. Unprotected admin functionality writeup On entering we will find an online shop. At first, adding ‘/admin’ to the URL will not give us the admin panel, but by adding ‘/robots.txt’ we can see the following: The ‘/robots.txt’ page is used to tell the […]

Exploiting NoSQL operator injection to bypass authentication

Description The login functionality for this lab is powered by a MongoDB NoSQL database. It is vulnerable to NoSQL injection using MongoDB operators. To solve the lab, log into the application as the administrator user. You can log in to your own account using the following credentials: wiener:peter. Exploiting NoSQL operator injection to bypass authentication writeup On entering […]

Detecting NoSQL injection

Description The product category filter for this lab is powered by a MongoDB NoSQL database. It is vulnerable to NoSQL injection. To solve the lab, perform a NoSQL injection attack that causes the application to display unreleased products. Detecting NoSQL injection writeup When we enter the lab we find an online shop: We will filter by ‘Gifts’ and send […]

Stored XSS into anchor href attribute with double quotes HTML-encoded

Description This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the comment author name is clicked. Stored XSS into anchor href attribute with double quotes HTML-encoded writeup When we enter the lab we find an online blog: As the lab description tells us, we are going […]
