Exploring the HackTheBox TwoMillion PHP Application [Beyond Root]

0xdf


In this section of the "Exploring the HackTheBox TwoMillion PHP Application [Beyond Root]" video, the presenter looks into the TwoMillion PHP web server to identify vulnerabilities in its code. They examine different functions, such as generate code and update settings, to find potential weaknesses. The presenter discovers a bug in the admin controllers that allows non-admin users to access the admin API and escalate their privileges. They also discuss a second-order command injection vulnerability and explain how to fix it by removing special characters from the username. The video serves as a practical guide to identifying and mitigating weaknesses in PHP web server code.

00:00:00

In this section, the presenter explores the PHP web server on the TwoMillion box from HackTheBox and dives into the PHP source to see where vulnerabilities can be found. The PHP application is set up as a small app that imitates a framework, with routes defined to map a GET request to a specific PHP class and function. The presenter looks at different functions, such as generate code and update settings, to identify vulnerabilities in the application. One vulnerability is in the admin controllers, where the update settings function is vulnerable to SQL injection.

00:05:00

In this section of the video, the presenter explains a bug in the PHP code of the TwoMillion application that allows non-admin users to access the admin API and make themselves admins. The developer intended to make sure the user was an admin before they could use the API, but a mistake in the code allowed the access anyway. The bug occurred because the code checked whether the "is admin" key existed rather than testing its value, and that key was always present in the dictionary. The presenter goes on to demonstrate how to fix this bug and also mentions another bug in the VPN creation function.
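The existence-versus-value mistake described above, shown side by side with the corrected check. This is an added example, not code from the TwoMillion application or from 0xdf; the key name `is_admin`, the use of `isset()` as the existence test, the sample user row and the function names are assumptions for illustration.

```php
<?php
// Added example (not the TwoMillion application's own code): why an
// existence check on an authorization flag is not an authorization check.
// Key name, helper names and the sample row are assumptions.

declare(strict_types=1);

// Constructed sample: the row a regular (non-admin) user would have after
// the session or database lookup. Note that the key is present with value 0.
function sampleUserRow(): array
{
    return ['username' => 'alice', 'is_admin' => 0];
}

// Vulnerable pattern: isset() only asks whether the key exists and is not
// null. Every user row carries is_admin (0 or 1), so this is true for
// everyone and the admin API is reachable by any authenticated user.
function isAdminVulnerable(array $user): bool
{
    return isset($user['is_admin']);
}

// Fixed pattern: test the value with a strict comparison, so 0, "0",
// false or a missing key all fail closed.
function isAdminFixed(array $user): bool
{
    return ($user['is_admin'] ?? 0) === 1;
}

// Minimal gate showing how a controller would consume the check.
function adminGate(array $user, callable $check): string
{
    if (!$check($user)) {
        return 'Unauthorized';
    }
    return 'admin action allowed';
}

$row = sampleUserRow();
echo 'isset check: ' . adminGate($row, 'isAdminVulnerable') . PHP_EOL;
echo 'value check: ' . adminGate($row, 'isAdminFixed') . PHP_EOL;
```

Run with `php`: for the constructed non-admin row, the `isset()` gate lets the request through while the value gate returns `Unauthorized`. The same defect appears with `array_key_exists()` or a truthiness test on a string `"0"`; the durable fix is to compare against the exact expected value and to treat anything else as not authorized.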

00:10:00

In this section of the YouTube video "Exploring the HackTheBox TwoMillion PHP Application [Beyond Root]," the speaker examines the PHP web server and the vulnerabilities within its code, specifically focusing on the injection point for a second-order command injection. They explain how the checking process ensures the request is correct and discuss how generating and regenerating a user VPN is done using the username. They also note how removing special characters from the username makes the endpoint safe and prevents the regular endpoints from being reachable with a crafted username, thereby eliminating the susceptibility to command injection. The speaker concludes by discussing how the video serves as a practical guide to identifying and remedying weaknesses in PHP web server code.
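The second-order injection point and the two layers of defence the section describes (a restrictive character set on the stored username, plus quoting at the point of use), as an added example that is not code from the TwoMillion application or from 0xdf. The generator script path, the allowed-character policy, the sample names and all function names are assumptions.

```php
<?php
// Added example, not the TwoMillion application's own code: handling a
// stored username that is later used to build a shell command. The
// generator path, the character policy and all function names are
// assumptions for illustration.

declare(strict_types=1);

const VPN_GENERATOR = '/opt/scripts/vpn_generator.sh'; // assumed path

// Vulnerable shape: the username saved at registration is concatenated
// into a command on a later request. This is second-order injection:
// the dangerous value entered the system earlier, and nothing at the
// point of use re-checks it.
function buildVpnCommandVulnerable(string $username): string
{
    return VPN_GENERATOR . ' ' . $username;
}

// Defence at the entry point: accept only a conservative character set
// at registration. Rejecting (rather than silently stripping) avoids two
// distinct inputs collapsing into the same stored username.
function usernameIsValid(string $username): bool
{
    return preg_match('/^[A-Za-z0-9._-]{1,32}$/', $username) === 1;
}

// Defence at the point of use: re-validate and quote the argument so the
// shell treats it as a single word whatever it contains. escapeshellarg()
// wraps the value in single quotes and escapes any embedded single quote.
function buildVpnCommandFixed(string $username): string
{
    if (!usernameIsValid($username)) {
        throw new InvalidArgumentException('username failed validation');
    }
    return VPN_GENERATOR . ' ' . escapeshellarg($username);
}

// Constructed sample names (not from the box). The second contains shell
// metacharacters and a quote, so it exercises both defences.
$samples = ['alice', "o'brien & co"];

foreach ($samples as $name) {
    echo "username: {$name}" . PHP_EOL;
    echo '  vulnerable: ' . buildVpnCommandVulnerable($name) . PHP_EOL;
    try {
        echo '  fixed:      ' . buildVpnCommandFixed($name) . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo '  fixed:      rejected (' . $e->getMessage() . ')' . PHP_EOL;
    }
}
```

The two layers are deliberately redundant: the whitelist stops a bad value from ever being stored, and `escapeshellarg()` protects the command even if a stored value predates the whitelist or arrives from another code path. Where the generator can be called without a shell at all (for example by writing the profile from PHP directly), removing the shell removes the bug class entirely.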
