JOIN BREACHFORUMS TELEGRAM
HTB - Editorial
by paven - Saturday June 15, 2024 at 05:48 PM
Breached
Member
Posts: 78
Threads: 24
Joined: Nov 2023
Reputation: 1
#1
Jun 15, 2024, 05:48 PM
Editorial - Linux - Easy

Good luck everyone! Let's tackle this together!
https://app.hackthebox.com/machines/Editorial
Reply
Banned

Posts: 40
Threads: 0
Joined: Mar 2024
Reputation: 0
#2
Jun 15, 2024, 06:52 PM
will be solving it today only

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.
Reply
Breached
Member
Posts: 14
Threads: 0
Joined: Apr 2024
Reputation: 0
#3
Jun 15, 2024, 07:36 PM
any hints/findings for user?
Reply
MVP User
MVP
Posts: 8
Threads: 0
Joined: May 2024
Reputation: 20

MVP
#4
Jun 15, 2024, 07:44 PM
/upload has pingback on the URL field when hitting preview.
Reply
Breached
Member
Posts: 9
Threads: 0
Joined: Jun 2024
Reputation: 0
#5
Jun 15, 2024, 07:50 PM
anyother updates whatever i uploaded its uploading as txt file
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Jun 2024
Reputation: 0
#6
Jun 15, 2024, 07:52 PM (This post was last modified: Jun 15, 2024, 07:53 PM by newbi31.)
preview gives the url path but file ext is changed even i upload double ext it remove all ext
Reply
Advanced User

Posts: 96
Threads: 2
Joined: Feb 2024
Reputation: 0
#7
Jun 15, 2024, 08:00 PM
The image is unchanged (so no imagemagick on the server) and the preview URL is valid for one request as far as I can see now
Reply
Breached
Member
Posts: 13
Threads: 0
Joined: Jan 2024
Reputation: 0
#8
Jun 15, 2024, 08:01 PM
(Jun 15, 2024, 07:52 PM)newbi31 Wrote: preview gives the url path but file ext is changed even i upload double ext it remove all ext

Same, I'm trying to inject command on the field, but no luck
Reply
VIP User
VIP
Posts: 26
Threads: 6
Joined: Dec 2023
Reputation: 10
#9
Jun 15, 2024, 08:02 PM
Think the focus is on the cover URL - it grabs your input URL and attempts to display it as an image. Supplying an actual image and re-downloading it through the application doesn't yield any metadata about software in use
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Jun 2024
Reputation: 0
#10
Jun 15, 2024, 08:05 PM
http://editorial.htb/static/uploads/e6d3...18a612d27f
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] CPTS 12 FLAGS pulsebreaker 66 1,774 2 hours ago
Last Post: vlka
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 370 92,502 8 hours ago
Last Post: lifolifo007
  Hack the box Pro Labs, VIP, VIP+ 1 month free Method RedBlock 23 2,209 11 hours ago
Last Post: kkkato
  [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags Techtom 20 2,521 Apr 29, 2026, 11:06 PM
Last Post: op334
Heart [FREE] HackTheBox All Cheatsheets Tamarisk 3 414 Apr 29, 2026, 10:36 PM
Last Post: op334

Forum Jump:


 Users browsing this forum: 1 Guest(s)