Portswigger: Insecure direct object references Writeup - Aleyna Doğan

Portswigger: Insecure direct object references Writeup

This lab stores user chat logs directly on the server’s file system, and retrieves them using static URLs.

Solve the lab by finding the password for the user carlos, and logging into their account.

Lab link.

The live chat section stands out. After exchanging a few messages and pressing the "View transcript" button, a file is downloaded that contains our own chat conversation.

If we change the file name in the request through the Burp Suite proxy, we can access another user's conversation. To do this, we turn on the Intercept feature, press "View transcript" again, and forward the requests until we reach GET /download-transcript/3.txt.

While forwarding, we change the file name in the request from 3.txt to 1.txt and forward it. The server returns the 1.txt file.

When we examine the 1.txt file, we find the user's password, log in as carlos, and the lab is solved.
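The root cause is that the file name in the URL is the only thing selecting which transcript is served. Below is an added example, not the lab's or PortSwigger's code, of a transcript-download handler in that vulnerable shape next to a hardened version that ties each transcript to the logged-in user. The in-memory transcript store, the ownership table, and the user names are constructed for the example.

```python
"""
Added example (not from the lab or PortSwigger): the insecure direct object
reference in miniature, and the ownership check that fixes it.
"""
import re
from typing import Optional

# Constructed sample data: transcript files as they might sit on disk.
TRANSCRIPTS = {
    "1.txt": "CONNECTED\ncarlos: hello, I have a question about my account\n",
    "2.txt": "CONNECTED\nwiener: hi there\n",
    "3.txt": "CONNECTED\nwiener: can you help me?\n",
}

# Constructed ownership table: which user's chat each transcript belongs to.
OWNER = {"1.txt": "carlos", "2.txt": "wiener", "3.txt": "wiener"}

# Transcript names are expected to look exactly like "<digits>.txt".
SAFE_NAME = re.compile(r"^[0-9]+\.txt$")


class Forbidden(Exception):
    """Raised when the requester does not own the requested transcript."""


def download_transcript_vulnerable(session_user: str, name: str) -> Optional[str]:
    """The lab's flaw: the client-supplied name alone picks the file, so any
    logged-in user can read any transcript by changing the number."""
    return TRANSCRIPTS.get(name)


def download_transcript_hardened(session_user: str, name: str) -> str:
    """Same endpoint with two checks added:
    1. the name must match the strict pattern (rejects '../' and other junk);
    2. the transcript's recorded owner must be the logged-in user.
    Missing and foreign files get the same error so the endpoint cannot be
    used to enumerate which transcript numbers exist."""
    if not SAFE_NAME.match(name):
        raise ValueError("bad transcript name")
    if OWNER.get(name) != session_user:
        raise Forbidden("not your transcript")
    return TRANSCRIPTS[name]


def transcripts_for(session_user: str) -> list:
    """Safer design still: derive the list of downloadable transcripts from
    the session instead of accepting an arbitrary identifier from the client."""
    return sorted(n for n, owner in OWNER.items() if owner == session_user)
```

The hardened handler keeps the same URL shape as the original, so it shows the minimal fix; `transcripts_for` shows the design that avoids the problem entirely by never letting the client choose an identifier it does not own.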
