HackTheBox – MagicGardens
#HackTheBox #MagicGardens
“IppSec”
00:00 – Introduction
01:00 – Start of nmap
04:20 – Discovering the website is built with Django via Wappalyzer or the 404 page
07:40 – Looking at the Subscription Page, discovering we can change the hostname of the payment processor which is like a SSRF Vulnerability
11:30 – Making a request to…
source
Concluzion: HackTheBox – MagicGardens – [vid_tags]