Jump to content
EH808

ELearnSecurity Exams

Recommended Posts

in get_visitor.php you have access to foomegahost_www

in sqli_ws_soap you have access to foomegahost

creds are in foomegahost

 

Have you created ticket? My exam was few years ago but I help my friend few months ago

Share this post


Link to post
Share on other sites
2 minutes ago, cipher15 said:

sure bro. I cant message you here bro there are some restriction on my account. do you have discord bro?

 

Hi bro, yes you can find me here: Auron691#5355

Share this post


Link to post
Share on other sites

POST /ws/ HTTP/1.1

.........

......

 

<soap:body>............

change login on ticket 😉

wsdl is collection/set of queries. Use othet than login

Share this post


Link to post
Share on other sites

<soap:body>

     <getTicketInfo>

             <authToken></authToken>

             <ticketId>'</ticketId>

     </getTicketInfo>

</soap:body>

 

It something like this. I am going sleep. See you tomorow

Share this post


Link to post
Share on other sites
13 hours ago, igoj said:

<soap:body>

     <getTicketInfo>

             <authToken></authToken>

             <ticketId>'</ticketId>

     </getTicketInfo>

</soap:body>

 

It something like this. I am going sleep. See you tomorow

Hi igoj, I obtained access to the user table and i noted that the credentials are encrypted (except test/password1234). Now i'm exploiting the category parameter inside the suppport.php page but it seems the same db previously detected. Where i can obtain the admin credentials? Thanks

Share this post


Link to post
Share on other sites

xss  can give you access to admin page, steal cookie 🙂

Share this post


Link to post
Share on other sites
11 minutes ago, igoj said:

xss  can give you access to admin page, steal cookie 🙂

I'm working on it, do you suggest to exploit wall.php page or category in support.php?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...