HackTheBox - CyberMonday
Dec. 2, 2023, 2:59 p.m. | IppSec
IppSec www.youtube.com
00:55 - Start of nmap, playing with the webapp and discovering it is a Laravel PHP app
06:50 - Discovering /assets is a redirect to /assets/, an indicator of the Nginx off by slash [MasterRecon]
11:50 - Using the Nginx off by slash to download .env and .git to get the source code to the app
14:00 - Start of code analysis
15:55 - Finding a Mass Assignment vulnerability in the update functionality
21:50 - Taking some time to explore …