Day 29/100 Hack and Improvement


Day 29 comes with examples of weak cryptography that leads to account takeover, and unrestricted file upload that leads to RCE.

Weak Cryptography in Password Reset to Full Account Takeover

From Rajesh Ranjan. In this writeup, the researcher was able to reverse the password reset token and then generate password reset tokens on his own. The application was using the following formula to generate the password reset token:

Caesar_Cipher_Key13(reverse(email)) == Password Reset Token

Check out the full writeup here
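
As an added example (not code from the writeup or the affected application), the Python below puts the formula above beside a hardened alternative, showing that the weak token is a pure function of the email while a random, hashed, expiring token is not. `ResetTokenStore`, its methods, the 15-minute lifetime and the sample address are assumptions made for illustration.

```python
import codecs
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime for this example


def weak_reset_token(email):
    """The formula above: Caesar cipher with key 13 (ROT13) of the reversed email."""
    return codecs.encode(email[::-1], "rot_13")


class ResetTokenStore:
    """Hardened form: random, single-use, expiring tokens kept only as hashes."""

    def __init__(self):
        self._pending = {}  # email -> (sha256 hex of token, expiry timestamp)

    def issue(self, email, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[email] = (digest, now + TOKEN_TTL_SECONDS)
        return token  # delivered to the mailbox owner only

    def redeem(self, email, token, now=None):
        now = time.time() if now is None else now
        record = self._pending.get(email)
        if record is None:
            return False
        digest, expires_at = record
        expired = now > expires_at
        presented = hashlib.sha256(token.encode()).hexdigest()
        ok = (not expired) and hmac.compare_digest(presented, digest)
        if ok or expired:
            del self._pending[email]  # single use; stale entries are dropped
        return ok


if __name__ == "__main__":
    email = "user@example.com"  # constructed sample address
    print("weak token, derivable from the email alone:", weak_reset_token(email))
    store = ResetTokenStore()
    store.issue(email)
    print("derived value accepted by hardened store:",
          store.redeem(email, weak_reset_token(email)))
```
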

Unrestricted File Uploads

From Sam (CoffeeJunkie). These kinds of attacks are risky for web applications and can lead to different kinds of vulnerabilities, such as RCE (Remote Code Execution), XSS, complete system takeovers, buffer overflows and more.

Write Up and Case

Unrestricted File Upload Leading to Remote Code Execution

The attacker manages to upload arbitrary files in order to achieve remote code execution, which breaks into Nexus repositories and elevates privileges to SYSTEM.
