Side note - it may be possible to inject some malicious PHP code into any of the fields present in the browser, depending on how sanitization is handled.

After following the URI in Valenka's profile, it seems we're directed to a company blog. Simple right? Ok GO!

After clicking around investigating the admin GUI, a hint is found within the profile of user: Valenka.

Then go back to casino-royale.local/pokeradmin/configure.php and you should be logged in as admin. Steps seem simple enough: go to casino-royale.local/pokeradmin/configure.php and enter the following string into the URL: `javascript:document.cookie = "ValidUserAdmin=admin"`

Looks like this web app is vulnerable to Insecure Cookie Handling, which would allow anyone to log in as Admin. Running a quick searchsploit query brings up a compatible exploit:

Update your /etc/hosts file to match this request (which may be needed for future exploits -)

At the bottom of the page a juicy chunk of info is found - Created with PokerMax Poker League Software. Investigating a bit, it seems like a Poker tournament leaderboard - including some familiar characters.

First, note the info mentions to use the domain casino-royale.local instead of the IP. Port 80 contains quite a bit of directory hits, including index.php. Port 8081 contains PHP running something in collect.php, with no hits on dirb - we'll be putting this on the todo list.
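The cookie-handling flaw described above comes down to reading the admin decision from a cookie the browser controls. As an added example (not PokerMax's code and not from the original post), the PHP below contrasts that pattern with a server-side session; the function and class names, the `sid` cookie and the sample credentials are assumptions made for illustration.

```php
<?php
// Added illustration; not PokerMax source. Names and the in-memory session
// store are hypothetical. The inputs at the bottom are constructed.

// Pattern behind "insecure cookie handling": the authorization decision is
// read straight from a value the browser supplies and can set to anything.
function is_admin_cookie_trusting(array $cookies): bool
{
    return ($cookies['ValidUserAdmin'] ?? '') === 'admin';
}

// Hardened pattern: the cookie holds only an unguessable random ID. The
// username and role live on the server and are written only after a
// successful password check.
final class SessionStore
{
    private array $sessions = [];

    public function login(string $user, string $password, array $users): ?string
    {
        if (!isset($users[$user]) || !password_verify($password, $users[$user]['hash'])) {
            return null;
        }
        $id = bin2hex(random_bytes(32));   // 256-bit opaque session ID
        $this->sessions[$id] = ['user' => $user, 'role' => $users[$user]['role']];
        return $id;                        // deliver with HttpOnly, Secure, SameSite
    }

    public function isAdmin(array $cookies): bool
    {
        $id = $cookies['sid'] ?? '';
        return is_string($id) && isset($this->sessions[$id])
            && $this->sessions[$id]['role'] === 'admin';
    }
}

// Constructed demo data.
$users  = ['admin' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'role' => 'admin']];
$forged = ['ValidUserAdmin' => 'admin', 'sid' => 'admin'];   // browser-chosen values
$store  = new SessionStore();

var_dump(is_admin_cookie_trusting($forged));   // forged cookie vs. cookie-trusting check
var_dump($store->isAdmin($forged));            // forged cookie vs. server-side lookup
$sid = $store->login('admin', 'correct horse', $users);
var_dump($store->isAdmin(['sid' => $sid]));    // ID issued after authentication
```

In a real deployment PHP's built-in session handling (`session_start()`, `session_regenerate_id(true)` after login) plays the role of `SessionStore`.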