path: root/Parameter tampering/Resources/notes.md
blob: ad19afdaa846cb2ad71806f2bc10cc6dd34f10c7 (plain)
## Exploit

1. On the survey page, choosing a grade sends a POST request with the parameters `valeur` (the grade) and `sujet` (the subject). The form only offers values between 1 and 10, but that restriction exists purely client-side.
1. Sending the same request by hand with a value outside that range bypasses the form entirely and returns a flag: `curl --data valeur=42 --data sujet=2 "http://10.0.2.15/?page=survey" | grep flag`.

## Fix

Data coming from the client must never be trusted. Client-side checks (HTML `min`/`max` attributes, a `<select>`, JavaScript) only improve usability; anyone who can craft a request bypasses them, as the `curl` command above shows. The server must independently validate every parameter (here: `valeur` is an integer between 1 and 10 and `sujet` is a known subject id) and reject anything else before storing or processing it.
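Added example, not the challenge's own code: a vulnerable handler that mirrors the behaviour exploited above beside a hardened one that validates `valeur` and `sujet` server-side. The form body is parsed as `application/x-www-form-urlencoded`; the set of valid subject ids (`1`..`3`) is an assumption. The example goes slightly beyond the page by also rejecting repeated parameters and by showing why a plain `int()` + range check is weaker than matching the raw string.

```python
"""Server-side validation for the survey form.

Added example, not the challenge's code. Assumptions: the form POSTs
`valeur` (grade) and `sujet` (subject id) url-encoded, and the valid
subject ids are 1..3.
"""
import re
from urllib.parse import parse_qs

VALID_SUBJECTS = {"1", "2", "3"}          # assumed subject ids
GRADE_RE = re.compile(r"[1-9]|10")       # exactly the literals 1..10


def handle_vulnerable(body: str) -> dict:
    """Mirror of the flawed handler: it relies on the client-side form
    to limit the grade and stores whatever arrives (valeur=42 is accepted)."""
    form = parse_qs(body, keep_blank_values=True)
    grade = form.get("valeur", [""])[0]
    subject = form.get("sujet", [""])[0]
    return {"status": 200, "stored": {"sujet": subject, "valeur": grade}}


def naive_in_range(grade: str) -> bool:
    """A common but weak check: cast then compare. int() accepts "1_0",
    " 5" and "+5", so inputs that are not the literals 1..10 slip through."""
    try:
        return 1 <= int(grade) <= 10
    except ValueError:
        return False


def handle_hardened(body: str) -> dict:
    """Validate every parameter on the server before using it."""
    form = parse_qs(body, keep_blank_values=True)
    grades = form.get("valeur", [])
    subjects = form.get("sujet", [])
    # A missing or repeated parameter is a malformed request (HTTP
    # parameter pollution), not something to pick a value from.
    if len(grades) != 1 or len(subjects) != 1:
        return {"status": 400, "error": "missing or repeated parameter"}
    grade, subject = grades[0], subjects[0]
    if subject not in VALID_SUBJECTS:
        return {"status": 400, "error": "unknown subject"}
    # Match the raw string against the allowed literals rather than
    # casting first, so only "1".."10" pass.
    if not GRADE_RE.fullmatch(grade):
        return {"status": 400, "error": "grade must be an integer 1-10"}
    return {"status": 200, "stored": {"sujet": subject, "valeur": int(grade)}}


if __name__ == "__main__":
    # Constructed request bodies; the first is the one from the exploit step.
    for body in ("valeur=42&sujet=2", "valeur=7&sujet=2", "valeur=1_0&sujet=1"):
        print(body, "->", handle_vulnerable(body)["status"], handle_hardened(body)["status"])
```

The hardened handler answers 400 to the exploit request and to values such as `1_0`, which `naive_in_range` would have let through because `int("1_0") == 10` in Python 3.6 and later.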