July 8, 2023, 3 p.m. | IppSec

IppSec www.youtube.com

00:00 - Introduction
00:58 - Start of nmap
01:45 - Trying to identify the technology running the webapp, 404 page reveals it is likely Tomcat
03:00 - Running Gobuster, then checking out the page
04:00 - Uploading an image and discovering a file disclosure vulnerability
05:15 - Talking about how File Disclosures in Java can reveal directory listings, and grabbing pom.xml
07:45 - Using Snyk to identify vulnerabilities, but first we have to install Maven
10:45 - Exploiting CVE-2022-22963 Manually …
