Sunday, June 14, 2020

Hacker101 CTF: Micro-CMS v1 Part 1

Now moving on to the next challenge.


Here we have something to click on :D. The first thing I did was click on all


Testing had some static text, while Markdown Test included one button, but nothing there worked. Next, the create page had a form we can fill in. There are 4 flags to catch in this part of the exercise, which means each link should give me at least one flag.

As I click on Testing, it gives me some static information. However, we can see an option to edit the page. So, let's edit.

First things first: when testing web applications, the first things to look for are SQL injection and XSS. Let's start with SQL injection.

If we look at the URL, it shows the identifier of the page: http://35.190.155.168/64fcf8db67/page/edit/1
To check for injection, I will add ' OR 1=1' -- to the given URL.


Voila! There is a flag.
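Why a quote in the page identifier is worth checking, and how an edit route should treat that identifier, as an added example that is not code from the challenge or from this write-up. The table, column and function names are assumptions and the rows are constructed; the input string is page id 1 followed by the string used above.

```python
import re
import sqlite3

PAYLOAD = "1' OR 1=1' --"  # page id 1 followed by the string from the write-up

def make_db():
    """In-memory database with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "Testing"), (2, "Markdown Test")])
    return db

def load_page_concat(db, raw_id):
    """Weak form: the URL segment becomes part of the SQL text."""
    sql = "SELECT id, title FROM pages WHERE id = " + raw_id
    try:
        return ("rows", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # The quote in the input opened a string literal the query never
        # expected, so the statement no longer parses: the input changed
        # the structure of the query instead of staying a value.
        return ("sql-error", str(exc))

def load_page_bound(db, raw_id):
    """Hardened form: validate the segment, then bind it as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return ("rejected", None)  # a route handler would answer 404 here
    row = db.execute("SELECT id, title FROM pages WHERE id = ?",
                     (int(raw_id),)).fetchone()
    return ("rows", [row] if row else [])

if __name__ == "__main__":
    db = make_db()
    for value in ("1", PAYLOAD):
        print(repr(value))
        print("  concatenated:", load_page_concat(db, value))
        print("  bound:       ", load_page_bound(db, value))
```

A database error triggered by a single quote in a URL segment is also a useful thing to alert on in application logs.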

