Titanic
This challenge was fairly complex. After enumerating the target for virtual hosts, I found a Gitea instance, which gave me hints for a path traversal vulnerability in the web application running on the server. This vulnerability eventually gave me read access to the database, which then leaked the hashed user passwords. Cracking these gave me the password I needed. Privilege escalation was possible because of a cron job and a binary which was vulnerable to code injection.