Pandakewt's blog

Home

English
Tiếng Việt

Initializing search

pandakewt/ctf-writeup

Home
CTF
Lab

Pandakewt's blog

pandakewt/ctf-writeup

Home
CTF
CTF
- DawgCTF
  DawgCTF
  - Web
    Web
    
    4Spam
    
    My Aquarium
- EHCTF
  EHCTF
  - Misc
    Misc
    
    Linux Basic 01
    
    Linux Basic 02
    
    Linux Basic 03
    
    Linux Basic 04
    
    Linux Basic 05
    
    Linux Basic 06
  - Web
    Web
    
    SQLiHuh
- Hacktheon
  Hacktheon
- SmileyCTF
  SmileyCTF
  - Web
    Web
    
    dry-ice-n-co
Lab
Lab
- Portswigger
  Portswigger
  - Access control vulnerabilities
    Access control vulnerabilities
    
    Insecure direct object references
    
    Method-based access control can be circumvented
    
    Multistep process with no access control on one step
    
    Referer-based access control
    
    User ID controlled by request parameter, with unpredictable user IDs
    
    Unprotected admin functionality
    
    Unprotected admin functionality with unpredictable URL
    
    Insecure direct object references
    
    User ID controlled by request parameter
    
    User role controlled by request parameter
    
    User ID controlled by request parameter with data leakage in redirect
    
    User role controlled by request parameter
    
    User role can be modified in user profile

Pandakewt's blog

Our greatest weakness lies in giving up. The most certain way to succeed is always to try just one more time.

– Thomas Edison

Getting started