aboutsummaryrefslogtreecommitdiffstats
path: root/Parameter tampering
diff options
context:
space:
mode:
Diffstat (limited to 'Parameter tampering')
-rw-r--r--Parameter tampering/Resources/notes.md8
-rw-r--r--Parameter tampering/flag1
2 files changed, 9 insertions, 0 deletions
diff --git a/Parameter tampering/Resources/notes.md b/Parameter tampering/Resources/notes.md
new file mode 100644
index 0000000..ad19afd
--- /dev/null
+++ b/Parameter tampering/Resources/notes.md
@@ -0,0 +1,8 @@
+## Exploit
+
+1. In the survey page choosing a grade will send a POST request. The client-side form allows values between 1 and 10.
+1. Sending a request with a value outside the range (`curl --data valeur=42 --data sujet=2 "http://10.0.2.15/?page=survey" | grep flag`) will give you a flag.
+
+## Fix
+
+Client-side data should not be trusted and should be verified and sanitized both client-side and server-side.
diff --git a/Parameter tampering/flag b/Parameter tampering/flag
new file mode 100644
index 0000000..83f01d9
--- /dev/null
+++ b/Parameter tampering/flag
@@ -0,0 +1 @@
+03a944b434d5baff05f46c4bede5792551a2595574bcafc9a6e25f67c382ccaa
generated by cgit v1.2.3 (git 2.46.0) at 2026-04-16 16:12:51 +0000