Official Shoppy Discussion

I need to know as well. I tried to look up how that injection works but I just can’t find a source.
If anyone knows I would really appreciate that

hola lograste resolver la maquina, ya que yo tambien soy nuevo y estou super perdido no se por donde empezar

After brute-forcing directory found: ***** page but not sure if its the one with the injection vulnerability, tried *** injections attack but didn’t work. Any hint will be appreciated. Thanks.

Hey itghost. I know about the correct injection but I do not know why it works. If you’re interested I could provide you with the solution - can’t explain why it works though. Just hit me up with a PM

bypassed the auth but can’t get the foothold?

1 Like

no*** injections*

Finally rooted :partying_face:, good machine send me a DM and I will gladly help you.

The trick is to be patient at the beginning.

I’m so stuck. I feel like i’m right there at the end but I cant get through…

DM’ed you!!! need a lil’bit help

Need help? pm me

2 Likes

Kinda stuck on the enumeration phase, not really sure where to go from here. Could I get a hint?

Can anyone help me ?

Rooted! Very easy box.
The initial foothold is a bit obscure if you’re not familiar with it, as it is a bit uncommon exploit that has to be done manually and not even the common tool that automates the process can find it.

1 Like

I have found the correct login page and believe I have the correct backend DB. Can someone DM me with a hint for injection?

Thanks in advance

Same here. I found the login page, the username and running software and database backend. I am stucking with the exploit, i am stuck at trial and erroring and getting just timeouts from the webserver… Need help, please DM me!

Same issue here

Thanks for the hints @Nevuer / @es3tag.

Eventually rooted!

DM if you need any pointers and let me know what you have tried.

1 Like

Am i the only one getting 504 Bad gateway ?
It’s been going on for close to an hour when I attempt certain payloads but works well if I don’t attempt any payload and use plain text

1 Like

Ohhhh Nevermind, I got bad gateway because of the payload, it was correct but there was a slight issue I guess

Wow That was quite the box
It was easy yh but it’s easy to miss things
Remember to enumerate with a different wordlist
The will be manual if you’re getting bad gateway look at the payload you are injecting with well and tweak it
The payload that got you login will get you creds

I just gathered everyone’s hint here If it’s too much lemme know I’ll delete it

THank YOU