Official discussion thread for Intentions. Please do not post any spoilers or big hints.
Hard Linux machine, I hope to have it completed before my birthday on Friday
Looking forward to learning something new
“Hello my friends, stay a while and keep hacking” - Deckard Cain
sure is a tough one
i’m still not able to figure out what the attack vector is
Not sure but it must have to do with the new feature. Was able to get a 500 server error but nothing more …
i was able to get a blank page but how did you get 500 server error?
i tried sqlmap already but doesn’t seem like there is sql injection:/
i could be wrong though
ay same, high level with second_req was not very fruitful
Something interesting is that you could use nature\n and it still works
This is interesting, can give hints on the language used to parse the Favorite Genres, tried to dig more but still …
I’m feeling you may be onto something there.
I’ve been looking at some of the burpsuite requests and maybe there’s something there Im just trying to find every where that accepts POST
e.g : /a**/v*/g******/i*****
everytime we login, the request first goes to /st***** and then to /g****** which is why when i changed the value of the parameter, it is throwing forbidden. Atleast that’s what i think is happening
I don’t know if that interesting but if you tried to access /ga**** without authentication and changed the host header it’ll redirect you to the host and same in the jwt.
EDIT : in the jwt token admin = 0 so can we use the host header injection to make it 1?
tbh something like that seems like the path, looks like the goal of the first part is probably to access the admin directory and somehow get foothold from there by changing the admin value on different accounts to 1
either that or its a major rabbit hole