Day 83 comes with some readings on persistence for account takeover and a pretty cool path traversal.
Tale of account take over and persistence
From HTML Injection to Path Traversal
From Sam (CoffeeJunkie). This write-up on path traversal is pretty interesting for how the pentester used the application's actual code to see how the API was managing the images. In the code, he realized that he could include an <img> tag at the time the emails are sent. The pentester then did the following to achieve path traversal:
<img src='../../../../../../../etc/passwd' />
The passwd file was successfully found and reflected in the <img> tag of the email sent. Read the full write up here
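A defensive check for this pattern, as an added example that is not from the write-up or the tested application: it assumes the mailer embeds images by reading the local file named in each <img> src, and refuses any reference that resolves outside an allowed asset directory. ASSET_ROOT, the function names and the sample HTML are hypothetical and constructed for illustration.

```python
import os
from html.parser import HTMLParser

# Hypothetical directory holding the only images the mailer may embed.
ASSET_ROOT = "/srv/mailer/assets"


class ImgSrcCollector(HTMLParser):
    """Collects the src attribute of every <img> tag in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing <img ... /> via handle_startendtag.
        if tag == "img":
            self.sources.extend(v for k, v in attrs if k == "src" and v)


def is_safe_asset(src, root=ASSET_ROOT):
    """True only if src is a relative path that resolves inside root."""
    # Reject schemes and drive letters (":"), absolute paths and NUL bytes.
    if ":" in src or src.startswith(("/", "\\")) or "\x00" in src:
        return False
    root = os.path.realpath(root)
    # realpath collapses "../" sequences and follows symlinks before comparing.
    target = os.path.realpath(os.path.join(root, src))
    return os.path.commonpath([root, target]) == root


def unsafe_image_refs(html, root=ASSET_ROOT):
    """Return the <img> sources in html that the mailer must refuse to embed."""
    parser = ImgSrcCollector()
    parser.feed(html)
    parser.close()
    return [s for s in parser.sources if not is_safe_asset(s, root)]


# Constructed sample: one legitimate image and the reference from the write-up.
SAMPLE = ('<p>Hello</p><img src="logo.png" />'
          "<img src='../../../../../../../etc/passwd' />")

if __name__ == "__main__":
    print(unsafe_image_refs(SAMPLE))
```

Run the check on user-supplied HTML before the mailer resolves any image, and drop or reject the message if the returned list is not empty.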