HackTheBox - Perspective - Exploiting and Securing DotNet Web Applications ViewState

00:00 - Intro
01:00 - Start of nmap
02:25 - Looking at the website, looks like there's different behavior for extensions
05:10 - Registering and logging into an account
06:30 - An unintended way to login, IDOR within the Forgot Password logic, can change usernames
09:15 - Uploading a new product, test XSS, File Upload
12:00 - Using FFUF with a raw http request to test for potential extensions
18:10 - Using SHTML to test for Server Side Inclusion SSI …

applications dotnet exploiting hackthebox web web applications