HacktivityconCTF 2021

  1. Swaggy
  • /signin
  • /signup
  • /signout
  • /admin
  • /post
  • /profile
  • /web/
  • /model/
  1. We have a template injection vuln.
  2. We can access the author object which is built off of the User object.
  3. We know that different functions get executed based upon the page we visit.
  4. We have a function called ChangePassword which is (sort of) attached to the User object.
