Htb

User flag Recon Firtsly, sea.htb is built from wondercms. You can check it by enumerating the web or searching the string velik71 appeared on the banner. Checking the /themes/bike/wcms-modules.json, I found the version of this website is 3.2.0. It has a CVE-2023-41425 that allows an attacker to a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. I also found a contact.php page which allows us to send infomation including a malicous link to the admin....

User flag Recon Port scanning: Directory scanning: Server open a port (5000) for running a website. After scanning directories, I found 2 interesting directories : /support which we can access by For questions button. It has a form to submit a message. By checking its request, I find that it is using POST method to send data to the server. I try to send a message with a payload <h1>alert(1)</h1> and it responses a alert form which includes header of this request....