- Published on
This is a HackingClub championship machine where we found an IDOR that provides initial access and Privilege Escalation through XAMPP.
All Posts
All Posts
- linux (23)
- hacking-club (23)
- rce (7)
- sqli (5)
- lfi (3)
- bola (2)
- command-injection (2)
- idor (2)
- ssti (2)
- ssrf (2)
- rfi (2)
- api-rest (1)
- cve-2023-33733 (1)
- race-condition (1)
- lfr (1)
- graphql (1)
- code-injection (1)
- insecure-desseralization (1)
- windows (1)
- cloud (1)
- cve-2022-36231 (1)
- cve-2022-29464 (1)
- function-injection (1)
- cve-2022-24112 (1)
- cve-2024-29510 (1)
- seo-poisoning (1)
- xxe (1)
- Published on
The Calc machine is vulnerable to code injection, unauthorized file access, and Python library hijacking for privilege escalation.- Published on
The Poisoning machine has an LFI vulnerability exploited with Log Poisoning for RCE execution, followed by privilege escalation using Python with cap_setuid+ep capability for root.- Published on
The Lion machine is vulnerable to SQL injection, allowing RCE through the upload of a webshell, and has privilege escalation via cron jobs.- Published on
The application has vulnerabilities such as CVE-2022-29464, unrestricted file upload and remote code execution, privilege escalation via SUID binary, and Docker escape.