TryHackMe: OWASP Top 10 || Severity 5 || Broken Access Control

  • Turn on your browser’s proxy and the interceptor in Burp Suite, catch the request to note.php, and forward it to Intruder with the note parameter marked as the payload position.
  • Load the payload list from /usr/share/wordlists/SecLists/Fuzzing/alphanum-case.txt.
  • Start the attack. The request whose payload is 0 (http://10.10.147.196/note.php?note=0) returns flag{fivefourthree}: the application hands back any note whose id is supplied, with no check that the requester owns it.
flag{fivefourthree}
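The defect behind that result, as an added example that is not part of the original post or the TryHackMe room: a note lookup keyed on the id alone, next to one that checks ownership, plus a small detection helper for the burst of denied lookups that id fuzzing leaves in a log. The note store, user names and function names are constructed for the demo.

```python
# Constructed sample store: note id -> (owner, body). Note 0 stands in for the
# note that note.php?note=0 exposed in the room.
NOTES = {
    0: ("admin", "flag{fivefourthree}"),
    1: ("alice", "buy milk"),
    2: ("bob", "call the dentist"),
}


def parse_note_param(raw):
    """Coerce the ?note= query value to an int; anything else is rejected."""
    try:
        return int(raw)
    except (TypeError, ValueError):
        return None


def get_note_vulnerable(note_id):
    """Looks the note up by id only: any logged-in user can read any note."""
    note = NOTES.get(note_id)
    return note[1] if note else None


def get_note_hardened(current_user, note_id):
    """Returns the note only if it belongs to the requesting user.

    'Missing' and 'not yours' both yield None, so the response does not tell
    a fuzzer which ids exist (a 403 vs 404 difference would be an oracle).
    """
    note = NOTES.get(note_id)
    if note is None or note[0] != current_user:
        return None
    return note[1]


def flag_enumeration(attempts, threshold=3):
    """Detection helper: users whose denied note lookups reach `threshold`.

    `attempts` is an iterable of (user, note_id) pairs as an access log would
    record them; a run of denied lookups is the footprint of id fuzzing.
    """
    denied = {}
    for user, note_id in attempts:
        if get_note_hardened(user, note_id) is None:
            denied[user] = denied.get(user, 0) + 1
    return sorted(u for u, n in denied.items() if n >= threshold)
```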

goay xuan hui