JOIN BREACHFORUMS TELEGRAM
Looking for advanced penetration testing? What takes others days or weeks, we find in hours.
HTB - FastJson and Furious
by Th3B4h0z - Monday July 29, 2024 at 05:31 AM
VIP User
VIP
Posts: 116
Threads: 6
Joined: Mar 2024
Reputation: 17
#11
Jul 31, 2024, 11:10 AM (This post was last modified: Jul 31, 2024, 11:10 AM by mazafaka555.)
(Jul 30, 2024, 08:08 PM)invisigoth Wrote: The challenge is named after fastjson.
The apk is using fastjson 1.1.52
Looking for vulnerabilities: https://security.snyk.io/package/maven/c...52.android
The first vulnerability is CVE-2022-25845
The details are https://jfrog.com/blog/cve-2022-25845-an...erability/
Follow the article and the json payload to enable the flag becomes obvious.

Great catch! That explain everything...
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] CPTS 12 FLAGS pulsebreaker 85 3,016 1 hour ago
Last Post: suncho
  Hack the box Pro Labs, VIP, VIP+ 1 month free Method RedBlock 29 2,678 6 hours ago
Last Post: newuser201
  [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags Techtom 41 3,335 6 hours ago
Last Post: newuser201
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 95 8,733 11 hours ago
Last Post: zxACASD
  CBBH Write Ups hiddenhacker 26 6,689 Yesterday, 08:45 AM
Last Post: d39ug

Forum Jump:


 Users browsing this forum: 2 Guest(s)