All Posts

Máquina sobre Broken Access Control, BOLA, SQL Injection e linux capabilities.

On the Paradize machine, we need to exploit an SQL injection to upload a webshell and explore a path hijacking vulnerability.

The Injection machine is vulnerable to Command Injection (CVE-2022-36231) and privilege escalation via sudo.

Application has a BOLA vulnerability, unauthorized file access, SSH key usage, privilege escalation via SUID, and code execution.

The application has vulnerabilities of Local File Inclusion (LFI), Remote Code Execution (RCE) via Jenkins, and privilege escalation using a SUID binary.