This is a fun challenge where I learned a lot about common web vulnerabilities.
Step 1:
This challenge comes with source code that you can download. Open the downloaded files and look through the “index.php” file. Here, I noticed that the “PHPSESSID” cookie value is base64 encoded and its content is displayed on the webpage. By default, this cookie value points to /www/index.html, which is the starting page of this site.
Step 2:
You can easily display any file present on the HTB challenge system by modifying the “PHPSESSID” value. So I changed it to display the “passwd” file for fun and it worked. This is a serious local file inclusion (LFI) vulnerability.
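
One way to close this hole, shown as an added example that is not the challenge's own index.php: decode the cookie strictly, canonicalise the path, and serve the file only if it resolves inside the web root. The `/www` root comes from the default cookie value described above; the constant `WEB_ROOT` and the function `resolve_cookie_path()` are assumed names.

```php
<?php
// Added example, not the challenge's code. WEB_ROOT and resolve_cookie_path()
// are assumed names; "/www" is taken from the default cookie value.
const WEB_ROOT = '/www';

/**
 * Decode a base64 path taken from a cookie and return its canonical form
 * only if it is a regular file inside $root. Returns null otherwise.
 */
function resolve_cookie_path(string $cookieValue, string $root = WEB_ROOT): ?string
{
    // Strict mode rejects input containing characters outside the base64 alphabet.
    $decoded = base64_decode($cookieValue, true);
    if ($decoded === false || $decoded === '' || strpos($decoded, "\0") !== false) {
        return null;
    }

    // realpath() collapses "..", follows symlinks and fails on missing paths,
    // so the comparison below is made on the file that would really be opened.
    $rootReal = realpath($root);
    $target   = realpath($decoded);
    if ($rootReal === false || $target === false || !is_file($target)) {
        return null;
    }

    // Compare against the root plus a trailing separator so that a sibling
    // directory such as "/www-old" is not accepted as being under "/www".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// The pattern the write-up describes is "decode the cookie and display the
// file it names" with no check; here the value is validated first.
$default = base64_encode(WEB_ROOT . '/index.html');
$path = resolve_cookie_path($_COOKIE['PHPSESSID'] ?? $default);
if ($path === null) {
    http_response_code(400);
    exit('Invalid page');
}
readfile($path); // Output the file's bytes; never include()/require a user-chosen path.
```

A stronger design keeps file paths out of client-controlled values altogether, for example by storing a short page key in the cookie and mapping it to a fixed list of files on the server.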