Skip to content

Add g00siferdev-py to Hall of Fame#35

Open
g00siferdev-py wants to merge 1 commit into
theowni:mainfrom
g00siferdev-py:hof-pr
Open

Add g00siferdev-py to Hall of Fame#35
g00siferdev-py wants to merge 1 commit into
theowni:mainfrom
g00siferdev-py:hof-pr

Conversation

@g00siferdev-py

Copy link
Copy Markdown

Hall of Fame Submission

Player: @g00siferdev-py
Achievement: Root Access & Fixed All Vulns

I completed the full exploit chain against the intentionally vulnerable application and then patched all identified vulnerabilities in my fork.

Exploit chain demonstrated

  1. Mass assignment / privilege escalation — PATCH /profile with role: Chef
  2. OS command injection — /admin/stats/disk?parameters=;whoami
  3. IDOR — GET /orders/{other_user_order_id}
  4. Information disclosure — unauthenticated GET /debug
  5. JWT algorithm confusion / none attack
  6. Weak password reset PIN brute force
  7. IP-spoofable admin password reset
  8. Hardcoded fallback database password

Patched fork

The fork is kept public as proof of work. This PR only adds the Hall of Fame entry.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant