DIVA - Hardcoding Issues - Part 1


Now let's move on to our next vulnerability: Hardcoding Issues.
A common mistake developers make when building a web or mobile application is forgetting to remove hardcoded passwords or keys, which helps an attacker access sensitive information.
To solve this challenge we follow the same steps as in the last challenge.
We need to use jad again to decompile the file into readable source.
KEY = "vendorsecretkey"
As you can see, the key is visible inside the code. Let's try it in the application.

Perfect! As you can see, the key worked and access has been granted to us.
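
A pre-release check for this weakness, as an added example (not from the original post and not DIVA's own code): a small Python scanner that flags string literals used in equality checks or assigned to secret-sounding names in Java source, original or decompiled. The sample Java, the function name find_hardcoded and the name patterns are constructed for illustration.

```python
import re

# Constructed sample resembling decompiler output; not DIVA's actual source.
SAMPLE_JAVA = '''
public class AccessActivity {
    private static final String TAG = "AccessActivity";
    public void access(View view) {
        EditText input = (EditText) findViewById(2131492987);
        if (input.getText().toString().equals("vendorsecretkey")) {
            Toast.makeText(this, "Access granted!", 0).show();
        } else {
            Toast.makeText(this, "Access denied!", 0).show();
        }
    }
    String apiPassword = "hunter2-constructed";
}
'''

# A Java string literal, allowing escaped characters inside it.
STRING = r'"((?:[^"\\]|\\.)*)"'
METHODS = r'(?:equals|equalsIgnoreCase|contentEquals)'
# value.equals("literal"): user input compared against a fixed string.
COMPARE = re.compile(r'\.' + METHODS + r'\(\s*' + STRING + r'\s*\)')
# "literal".equals(value): the same check written the other way round.
REVERSED = re.compile(STRING + r'\.' + METHODS + r'\(')
# A literal assigned to a name that sounds like a credential.
ASSIGN = re.compile(
    r'(?i)\b(\w*(?:key|secret|passw(?:or)?d|token)\w*)\s*=\s*' + STRING)

def find_hardcoded(source):
    """Return (line number, kind, literal) for each suspicious literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in COMPARE.finditer(line):
            findings.append((lineno, "compare", m.group(1)))
        for m in REVERSED.finditer(line):
            findings.append((lineno, "compare", m.group(1)))
        for m in ASSIGN.finditer(line):
            findings.append((lineno, "assign:" + m.group(1), m.group(2)))
    return findings

if __name__ == "__main__":
    for lineno, kind, literal in find_hardcoded(SAMPLE_JAVA):
        print(f"line {lineno}: {kind}: {literal!r}")
```

Every hit needs manual review: a comparison against a fixed literal is only a problem when the literal acts as a credential, and a secret built at runtime from pieces will not match these patterns.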

~ loves the rabbit
