HackTheBox - CyberMonday
Dec. 2, 2023, 2:59 p.m. | IppSec
IppSec www.youtube.com
00:55 - Start of nmap, playing with the webapp and discovering it is a Laravel PHP app
06:50 - Discovering /assets is a redirect to /assets/, an indicator of the Nginx off-by-slash [MasterRecon]
11:50 - Using the Nginx off-by-slash to download .env and .git to get the source code to the app
14:00 - Start of code analysis
15:55 - Finding a Mass Assignment vulnerability in the update functionality
21:50 - Taking some time to explore …