Learn how to exploit web security vulnerabilities through a detailed walkthrough video of the "Feature Unlocked" challenge from CyberSpace CTF 2024. Master advanced techniques including cookie forgery, custom signature generation and verification, and blind command injection to gain unauthorized access to hidden features. Follow along with practical demonstrations of exploiting validation server hijacking via hidden GET parameters, implementing cookie forgery attacks, and executing blind data exfiltration. Gain hands-on experience with web security concepts while exploring the complete solution path from initial source code review through successful exploitation.
Cookie Forgery and Command Injection Walkthrough - Feature Unlocked Challenge - CSCTF 2024
Overview
Syllabus
Start
Source code review
Cookie forgery
Recreate validation server
Access unlocked feature
Command injection
Blind exfiltration
End
Taught by
CryptoCat
Related Courses
-
Ethical Hacking 101: Web App Penetration Testing - a full course for beginners
4.6 -
Complete Web Application Offensive Hacking Course:Pro Hacker
-
JWT Algorithm Confusion and Server-Side Template Injection in Pug - Web Security Tutorial
-
XML External Entity Injection (XXE) - Exploiting Web Application Vulnerabilities - Episode 3
-
Web Challenge Walkthroughs for LA CTF 2024: JavaScript Manipulation, Cookie Tampering, SQL Injection, and XSS - Part 1
-
XSS Exploitation in PDF.js Using CVE-2024-4367 - Akasec CTF Challenge
