Day 29 comes with examples for weak cryptography that achieves account takeover, and unrestricted file upload which leads RCE.
Weak Cryptography in Password Reset to Full Account Takeover
From Rajesh Ranjan. In this writeup, researcher was able to reverse the password reset token, and then he was able to generate the password reset token with his own. The application was using the following formula to generate the password reset token.
Ceaser_Cipher_Key13(reverse(email))== Password Reset Token
Checkout the full writeup here
Unrestricted File Uploads
From Sam (CoffeeJunkie). These kind of attacks can be risky for the web applications which can lead to different kind of vulnerabilities such as RCE (Remote Code Execution), XSS, completely system take overs, buffer overflow and more.
Write Up and Case
The attacker manage his way to upload arbitrary files in order to achieve remote code execution which breaks into Nexus repositories and elevates its privileges to SYSTEM.