WU_DOJO36_YesWeHack(SQLI->Command Injection)

- 7 mins read
DESCRIPTION In an SQL Injection (SQLi) vulnerability within a Python application, an attacker can manipulate unfiltered user inputs in SQL queries to gain unauthorized access to user accounts and escalate privileges. By compromising a ‘dev’ account, the attacker can then exploit a command injection vulnerability, often found in poorly sanitized calls such as os.system or subprocess. This allows arbitrary commands to be executed on the server, leading to full system compromise, access to sensitive files, or remote code execution.

WU_DOJO35_YesWeHack(SSTI with NodeJS)

- 4 mins read
DESCRIPTION In the case of SSTI (Server-Side Template Injection) in a Node.js environment, a vulnerability is exploited when uncontrolled user data is injected into server-side templates. This type of flaw allows an attacker to execute malicious JavaScript code on the server, which can lead to complete system compromise, including reading or modifying sensitive files and executing remote commands. In this vulnerability, the identified entry point was the _render(template, data) function, where unfiltered data was passed directly into the template, allowing the attacker to manipulate template logic and gain control over the server.
DESCRIPTION The identified vulnerability exploits a Server-Side Request Forgery (SSRF) flaw, allowing an attacker to bypass access restrictions to local and internal server resources. By manipulating requests, it is possible to force the server to access local files via file_get_contents or exposed local services. In this context, the attack is intensified by combining SSRF with Local File Inclusion (LFI), enabling an attacker to read internal files on the server and access sensitive information.