Weak Cookies and Parameters

We should take a look at the requests to see what is going on and what we can do to manipulate cookies and other parameters. Any value the client can rewrite without the server noticing is worth testing.

Weak authentication

This seems to be an event system that allows us to message an administrator. We can easily create a new user via the Register link. Once registered and logged in, we are able to add a new log event under the New Event Log tab. However, when we try to submit the new event, the application responds with "Only the admin can update the Event logs".

One interesting thing to notice is the presence of a userLevel cookie with the value ZGVmYXVsdA%3D%3D (URL-encoded; %3D%3D is the base64 padding ==). Let's try to base64-decode the string:

kali@kali:~$ echo "ZGVmYXVsdA==" | base64 --decode
default

This decodes to default, which may refer to our access level. Let's try to update the userLevel cookie with the base64 encoding of a different value:

kali@kali:~$ echo -n admin | base64
YWRtaW4=

With this modified cookie in place, the "admin only" check no longer triggers and we can now send messages.
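The root cause here is that the server trusts a role value that is merely encoded, not authenticated. The following Python is an added example (not code from the original writeup or from the target application): it reproduces the weak userLevel scheme from above, then shows the minimal server-side fix, an HMAC-signed cookie, against which the same rewrite is rejected. The secret key, the sign/verify functions and the tamper helper are all constructed for this demonstration.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import quote, unquote

# Constructed server-side secret for the example; a real deployment loads it
# from configuration, never from source, and rotates it.
SERVER_KEY = secrets.token_bytes(32)


def decode_weak_cookie(value: str) -> str:
    """Decode a userLevel cookie that is only URL-encoded base64 (the scheme on the page).

    Nothing binds the value to the server, so any client can rewrite it.
    """
    return base64.b64decode(unquote(value)).decode()


def encode_weak_cookie(level: str) -> str:
    """Produce the URL-encoded base64 form the weak scheme expects."""
    return quote(base64.b64encode(level.encode()).decode())


def sign_cookie(level: str, key: bytes = SERVER_KEY) -> str:
    """Hardened form: payload plus HMAC-SHA256 tag, 'payload.tag'.

    The client can still read the role, but cannot produce a valid tag for a
    different payload without the server key.
    """
    payload = base64.urlsafe_b64encode(level.encode()).decode()
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def verify_cookie(cookie: str, key: bytes = SERVER_KEY) -> Optional[str]:
    """Return the role if the tag verifies, otherwise None.

    Uses a constant-time comparison so the check does not leak how many tag
    bytes matched.
    """
    try:
        payload, tag = cookie.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return base64.urlsafe_b64decode(payload).decode()


def tamper(cookie: str, new_level: str) -> str:
    """Swap the payload but keep the old tag: the rewrite that defeats the weak scheme."""
    _, tag = cookie.split(".", 1)
    return base64.urlsafe_b64encode(new_level.encode()).decode() + "." + tag


def demo():
    """Run both schemes against the same rewrite and return the four outcomes."""
    # Weak: the cookie seen on the page decodes to 'default' and is trivially rewritten.
    weak = "ZGVmYXVsdA%3D%3D"
    weak_role = decode_weak_cookie(weak)        # 'default'
    forged_role = decode_weak_cookie(encode_weak_cookie("admin"))  # 'admin', accepted as-is

    # Hardened: the same rewrite fails because the tag no longer matches the payload.
    signed = sign_cookie("default")
    genuine_role = verify_cookie(signed)        # 'default'
    tampered_role = verify_cookie(tamper(signed, "admin"))  # None -> treat as unauthenticated
    return weak_role, forged_role, genuine_role, tampered_role


if __name__ == "__main__":
    print(demo())
```

Signing stops forgery, but the better design is not to ship authorization state to the client at all: issue an opaque session identifier and look the user's role up server-side on every privileged action. On the detection side, a role cookie whose decoded value changes mid-session without a corresponding server-side grant is a clear signal worth alerting on.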
