Vulnerability Assessment Penetration Test Report for Dont-use-client-side (Category Web Exploitation - picoCTF)


Title: Login credentials stored in the page source.

Description of the Vulnerability: The website exposes its login credentials in its page source.

Summary: In the picoCTF Dont-use-client-side challenge, we were able to access the flag because its login credentials were stored in the page source.

The technical investigation finished at 8:40 UTC, concluding that there was no malicious intent or indicators of exploitation.

Steps to reproduce: 

1. Click on the link to the Dont-use-client-side website.
2. View the page source of the webpage.
3. You will find the login credential, i.e. the flag, stored in the page source itself.


Impact:   

1. We got access to the flag because its login credentials were stored in the page source.


Mitigation: 

1. Do not store important data in the page source.
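
One way to enforce this mitigation, added here as an example (it is not code from the challenge or from the original report): a release-time audit that fails when a server-side secret can be recovered from any response body. It goes slightly beyond the report by also checking encoded and split forms of the secret; the function names, the secret and the page snippets are all constructed.

```javascript
// Added example: audit that a server-side secret never reaches the browser.
// Every name, secret and page snippet below is constructed for illustration.

// Forms a secret commonly takes when pasted into markup or inline script.
function variantsOf(secret) {
  const bytes = Buffer.from(secret, "utf8");
  return {
    plain: secret,
    base64: bytes.toString("base64").replace(/=+$/, ""),
    hex: bytes.toString("hex"),
    reversed: [...secret].reverse().join(""),
  };
}

// Fraction of the secret covered by k-character pieces present in the body.
// Catches a secret that was cut into chunks and compared piece by piece.
function fragmentCoverage(secret, body, k = 4) {
  const covered = new Array(secret.length).fill(false);
  for (let i = 0; i + k <= secret.length; i++) {
    if (body.includes(secret.slice(i, i + k))) covered.fill(true, i, i + k);
  }
  return covered.filter(Boolean).length / secret.length;
}

// One finding per secret that can be recovered from the response body.
function auditResponse(body, secrets, threshold = 0.8) {
  const findings = [];
  for (const [name, secret] of Object.entries(secrets)) {
    const hit = Object.entries(variantsOf(secret)).find(([, v]) => body.includes(v));
    if (hit) findings.push({ name, how: hit[0] });
    else if (fragmentCoverage(secret, body) >= threshold) findings.push({ name, how: "fragments" });
  }
  return findings;
}

const SECRETS = { loginPassword: "constructed-Passw0rd-42" }; // constructed value
const PAGES = {
  // Check done in the browser: the credential ships with the page.
  clientSide: '<script>if (pass.value === "constructed-Passw0rd-42") grant();</script>',
  // Same check with the credential cut into pieces.
  split: '<script>ok = p.slice(0,8) === "construc" && p.slice(8,16) === "ted-Pass" && p.slice(16) === "w0rd-42";</script>',
  // Check done on the server: the page only submits the input.
  serverSide: '<form method="post" action="/login"><input name="pass" type="password"></form>',
};

for (const [page, body] of Object.entries(PAGES)) {
  console.log(page, JSON.stringify(auditResponse(body, SECRETS)));
}
```

The server-side page still shares the four-character piece `assw` with the word `password`, which is why fragments are scored by coverage against a threshold instead of being reported on a single match.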


POC (Proof of concept): 








FLAG: picoCTF{no_clients_plz_7723ce}
