6.5.1 (Incomplete)

October 2, 2025

There is at least one additional attack vector which involves manipulation of Java class files and the use of JSP files. While not simple, it can be accomplished. See if you can find and exploit th...

4.9.4

October 2, 2025

Develop a fully functional exploit that will combine the previous vulnerabilities to achieve remote code execution:

4. ATutor Authentication Bypass and RCE

October 2, 2025

grep -rnw /var/www/html/ATutor -e "^.*user_location.*public.*" --color

3. Ssl Pinning

October 2, 2025

SSL pinning, also known as certificate pinning, is a security precaution that involves including the known server's certificate within the client application's codebase.

14.5.2

October 2, 2025

Switch the Templating Engine to Pug and discover a path to RCE.

14.5.1

October 2, 2025

Switch to the Pug templating engine. Discover a mechanism to detect if the target is running Pug using prototype pollution. Using this mechanism, obtain XSS against the target.

« Prev 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 Next »