Source: 0xinfection.medium.com

Pwning a Backend with a Backdoor
In this quick blog post, I detail an unusual way in which I was able to escalate access to several production instances behind a properly secured network. It all started with me casually checking some traffic data for a tool I authored on GitHub.

The first thing that I always do in these situations is to verify whether or not my target site has a security contact.

Fiddling around a bit, but carefully, I figured that I was logged in with admin privileges.

Always look out for weird behavior in web-apps and try messing around with it.
