Tag: xxe
-
Metatwo | Hack The Box
Port 21 is interesting: nmap thinks it’s an FTP service, but we can’t get anything back from it, so we will try looking at the web app. It’s quickly evident that it’s a WordPress website, and WPScan reveals that it’s quite out of date. A link on the home page takes us to /events/ […]
-
RedPanda | Hack The Box
The first nmap results give us little to go on other than investigating the web app. If we hit search with an empty query, we get a bit of info about potential usernames. We can also quickly discover that the search bar is vulnerable to SSTI. After following the HackTricks cheat sheet and googling the resulting error […]