Day 83/100 Hack and Improvement


Day 83 comes with some reading on persistence for account takeover and a pretty cool path traversal.

Tale of account take over and persistence

From Rajesh Ranjan. Here is the link for the article.

From HTML Injection to Path Traversal

From Sam (CoffeeJunkie). Reading a writeup on path traversal, I found it pretty interesting how the pentester used the application's actual code to see how the API was managing images. In the code, he realized that he could include an <img> tag in the emails being sent. The pentester then did the following to achieve path traversal:

<img src='../../../../../../../etc/passwd' />

He successfully found the passwd file reflected in the <img> tag of the email that was sent. Read the full writeup here.
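On the defensive side, the fix for this class of bug is to resolve every <img> src in user-supplied email HTML against a fixed asset directory and refuse anything that lands outside it. The sketch below is an added example, not code from the writeup or the application it tested; ASSET_ROOT, the function names and the sample HTML are assumptions made for illustration.

```python
import os
from html.parser import HTMLParser

# Assumed location of images the mailer is allowed to embed (hypothetical path).
ASSET_ROOT = "/srv/app/email_assets"


class _ImgSrcCollector(HTMLParser):
    """Collects the src attribute of every <img> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing tags such as <img ... />.
        if tag == "img":
            for name, value in attrs:
                if name == "src" and value is not None:
                    self.sources.append(value)


def resolve_inside_root(src, root=ASSET_ROOT):
    """Return the absolute path for src if it stays under root, else None."""
    # Reject NUL bytes and anything that looks like a URL instead of a file name.
    if "\x00" in src or "://" in src or src.startswith("//"):
        return None
    root_real = os.path.realpath(root)
    # realpath collapses "../" sequences and follows symlinks before comparing.
    candidate = os.path.realpath(os.path.join(root_real, src))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def check_email_html(html, root=ASSET_ROOT):
    """Return (src, resolved_path_or_None) for each <img> in the HTML."""
    collector = _ImgSrcCollector()
    collector.feed(html)
    collector.close()
    return [(src, resolve_inside_root(src, root)) for src in collector.sources]


# Constructed sample input: one legitimate image and the traversal from the writeup.
SAMPLE_HTML = (
    '<p>Hello</p><img src="logo.png">'
    "<img src='../../../../../../../etc/passwd' />"
)

if __name__ == "__main__":
    for src, resolved in check_email_html(SAMPLE_HTML):
        print(src, "->", resolved if resolved else "REJECTED")
```

A mailer would drop or refuse the message whenever any src resolves to None, rather than reading the file and embedding it.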
