-
login me sql injection (admmin list user with search and bli) -> Done
-
profile page -> broken access control. (is_admin => true) Mass assigment. -> [insecure design] -> Done
-
profile/uuid -> update info. [broken access control] -> Done
-
rce|command injection|xml entiity injection| LFI, RFI | Outdate component. -> Done
-
Dashboard pull maps. -> SSRF | Filter | https://snowscan.io/htb-writeup-travel/# | show logs from localhost only. Done
-
loggin monitoring failure -> ssrf 6
-
jwt | identification and authentication failure
-
software and data integirty failure | laravel deserialization.
use list blink inject in admin
jwt -> none -> cryto