BreachForums

JOIN BREACHFORUMS TELEGRAM

Pages (2): « Previous 1 2

HTB - FastJson and Furious

by Th3B4h0z - Monday July 29, 2024 at 05:31 AM

mazafaka555

VIP User

Posts: 116

Threads: 6

Joined: Mar 2024

Reputation: 17

#11

Jul 31, 2024, 11:10 AM (This post was last modified: Jul 31, 2024, 11:10 AM by mazafaka555.)

(Jul 30, 2024, 08:08 PM)invisigoth Wrote: The challenge is named after fastjson.
The apk is using fastjson 1.1.52
Looking for vulnerabilities: https://security.snyk.io/package/maven/c...52.android
The first vulnerability is CVE-2022-25845
The details are https://jfrog.com/blog/cve-2022-25845-an...erability/
Follow the article and the json payload to enable the flag becomes obvious.

Great catch! That explain everything...

« Next Oldest | Next Newest »

Pages (2): « Previous 1 2

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	CPTS-FLAG	darkcat	14	5,704	21 minutes ago Last Post: Sukon
	[FREE] CPTS 12 FLAGS	pulsebreaker	78	2,578	26 minutes ago Last Post: hitlerssecretsidechick
	[MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot	htb-bot	91	8,259	28 minutes ago Last Post: hitlerssecretsidechick
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	381	94,427	3 hours ago Last Post: xixi75
	[FREE] HackTheBox All Cheatsheets	Tamarisk	14	771	4 hours ago Last Post: phas3lock

Forum Jump:

Users browsing this forum: 1 Guest(s)