HTB - FastJson and Furious
by Th3B4h0z - Monday July 29, 2024 at 05:31 AM
|
Posts: 116
Threads: 6
Joined: Mar 2024
Jul 31, 2024, 11:10 AM
(This post was last modified: Jul 31, 2024, 11:10 AM by mazafaka555.)
(Jul 30, 2024, 08:08 PM)invisigoth Wrote: The challenge is named after fastjson.
The apk is using fastjson 1.1.52
Looking for vulnerabilities: https://security.snyk.io/package/maven/c...52.android
The first vulnerability is CVE-2022-25845
The details are https://jfrog.com/blog/cve-2022-25845-an...erability/
Follow the article and the json payload to enable the flag becomes obvious.
Great catch! That explain everything...
|
| Possibly Related Threads… |
| Thread |
Author |
Replies |
Views |
Last Post |
| |
[FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags |
Techtom |
34 |
3,136 |
3 hours ago
Last Post: 0xff0day
|
| |
[MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot |
htb-bot |
93 |
8,535 |
4 hours ago
Last Post: shx
|
| |
Hack the box Pro Labs, VIP, VIP+ 1 month free Method |
RedBlock |
25 |
2,534 |
Yesterday, 02:43 PM
Last Post: cry_elite
|
| |
CBBH Write Ups |
hiddenhacker |
25 |
6,597 |
Yesterday, 02:41 PM
Last Post: cry_elite
|
| |
[FREE] CPTS 12 FLAGS |
pulsebreaker |
84 |
2,934 |
Yesterday, 02:33 PM
Last Post: justhelpmefly
|
Users browsing this forum: 1 Guest(s)
