Earlier this week I decided to develop a unique web challenge for Try Hack Me, which is named “Temple”. You can find the room here. The platform was developed using Python Flask and MariaDB as the database backend. Recon and enumeration After deploying the machine, it is good to wait…
Insecure Direct Object Reference (IDOR) vulnerabilities are still in the wild and could lead to, for example, horizontal privilege escalation. A user could modify certain values in a web application and gain access to unauthorised data. Developing a vulnerable application Moreover, the vulnerable web application was developed using Python with…
According to OWASP, injection attacks are still a common attack vector. There are several tools which can be used to exploit a SQL vulnerability. A personal favourite is SQLmap. However, understanding how SQLi works is an important aspect of penetration testing. It is also crucial to understand how the underlying…