diff options
| author | Thomas Vanbesien <tvanbesi@proton.me> | 2026-03-27 14:44:49 +0100 |
|---|---|---|
| committer | Thomas Vanbesien <tvanbesi@proton.me> | 2026-03-27 14:44:49 +0100 |
| commit | 9441ee608adee6b4f1c98cc990fbb55d0f132232 (patch) | |
| tree | 9d1f1df17a73dcf506483b1e083f4cc4e3169d20 | |
| parent | b2af25fda585373931c00faa8615e931322a487b (diff) | |
| download | darkly-9441ee608adee6b4f1c98cc990fbb55d0f132232.tar.gz darkly-9441ee608adee6b4f1c98cc990fbb55d0f132232.zip | |
Add parameter tampering solution
| -rw-r--r-- | Parameter tampering/Resources/notes.md | 8 | ||||
| -rw-r--r-- | Parameter tampering/flag | 1 |
2 files changed, 9 insertions, 0 deletions
diff --git a/Parameter tampering/Resources/notes.md b/Parameter tampering/Resources/notes.md new file mode 100644 index 0000000..ad19afd --- /dev/null +++ b/Parameter tampering/Resources/notes.md @@ -0,0 +1,8 @@ +## Exploit + +1. In the survey page choosing a grade will send a POST request. The client-side form allows values between 1 and 10. +1. Sending a request with a value outside the range (`curl --data valeur=42 --data sujet=2 "http://10.0.2.15/?page=survey" | grep flag`) will give you a flag. + +## Fix + +Client-side data should not be trusted and should be verified and sanitized both client-side and server-side. diff --git a/Parameter tampering/flag b/Parameter tampering/flag new file mode 100644 index 0000000..83f01d9 --- /dev/null +++ b/Parameter tampering/flag @@ -0,0 +1 @@ +03a944b434d5baff05f46c4bede5792551a2595574bcafc9a6e25f67c382ccaa |