Context & Question

You are performing a web application penetration test for a software development company, and they task you with testing the latest build of their social networking web application. Try to utilize the various techniques you learned in this module to identify and exploit multiple vulnerabilities found in the web application.

Try to escalate your privileges and exploit different vulnerabilities to read the flag at '/flag.php'.

Elevating privileges sounds like:

Recon

Performing quick recon to learn about the app and its technologies.

[Screenshot: Pasted image 20240716103422.png]

[Screenshot: Pasted image 20240716103451.png]

HttpOnly flag not set on the cookie; otherwise nothing overly interesting.
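The cookie-flag observation above is the kind of check worth automating during recon, so it can be reproduced and triaged for every cookie the app sets. The following is an added example, not part of the original write-up or of the target application: it parses `Set-Cookie` header values and reports cookies missing `HttpOnly`, `Secure` or `SameSite`, rating a missing `HttpOnly` higher when the cookie name looks like a session identifier. The sample headers, the `SESSION_HINTS` name heuristic and all function names are assumptions constructed for the example.

```python
"""Audit Set-Cookie response headers for missing hardening attributes.

Added example: parses Set-Cookie values and reports cookies that lack
HttpOnly, Secure or SameSite, so a finding such as "HttpOnly not set"
can be checked across every cookie the application issues.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample response headers; these are NOT captured from the target.
SAMPLE_HEADERS: List[Tuple[str, str]] = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/"),
    ("Set-Cookie", "theme=dark; Path=/; Max-Age=31536000"),
    ("Set-Cookie", "csrf_token=deadbeef; Path=/; Secure; HttpOnly; SameSite=Strict"),
]

# Substrings that usually indicate a session or auth cookie (assumed heuristic).
SESSION_HINTS = ("sess", "sid", "token", "auth")


@dataclass
class CookieAudit:
    name: str
    httponly: bool
    secure: bool
    samesite: Optional[str]
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(value: str) -> CookieAudit:
    """Parse one Set-Cookie header value into its name and hardening attributes."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (RFC 6265); bare flags get True.
        attrs[key.strip().lower()] = val.strip() if val else True
    samesite = attrs.get("samesite")
    return CookieAudit(
        name=name,
        httponly="httponly" in attrs,
        secure="secure" in attrs,
        samesite=samesite.capitalize() if isinstance(samesite, str) else None,
    )


def audit_cookie(value: str) -> CookieAudit:
    """Parse a cookie and attach one finding per missing protection."""
    audit = parse_set_cookie(value)
    looks_like_session = any(h in audit.name.lower() for h in SESSION_HINTS)
    if not audit.httponly:
        # Script-readable session cookies are the serious case; cosmetic cookies are not.
        sev = "HIGH" if looks_like_session else "LOW"
        audit.findings.append(f"{sev}: missing HttpOnly (cookie is exposed to document.cookie)")
    if not audit.secure:
        audit.findings.append("MEDIUM: missing Secure (cookie may be sent over plaintext HTTP)")
    if audit.samesite is None:
        audit.findings.append("MEDIUM: missing SameSite (browser default behaviour applies)")
    elif audit.samesite == "None" and not audit.secure:
        audit.findings.append("HIGH: SameSite=None without Secure is rejected by modern browsers")
    return audit


def audit_headers(headers: List[Tuple[str, str]]) -> List[CookieAudit]:
    """Run the audit over every Set-Cookie header in a (name, value) header list."""
    return [audit_cookie(v) for (k, v) in headers if k.lower() == "set-cookie"]


if __name__ == "__main__":
    for result in audit_headers(SAMPLE_HEADERS):
        status = "OK" if not result.findings else "; ".join(result.findings)
        print(f"{result.name}: {status}")
```

Feeding the script real headers is a matter of replacing `SAMPLE_HEADERS` with the header list exported from the proxy; the severity labels are only a triage aid and should be read against what each cookie actually protects.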

Many different pages on the site were found just by exploring it manually through Burp.

[Screenshot: Pasted image 20240716104249.png]