Monstra CMS - 3.0.4 Login Rate Limiting Bypass

CVE-2018-11678 Exploit Title: Monstra CMS <= 3.0.4 Login Rate Limiting Bypass CVE: CVE-2018-11678 Vendor Homepage: http://monstra.org/ Software Link: https://bitbucket.org/Awilum/monstra/downloads/monstra-3.0.4.zip Discovered by: Abdillah Muhamad Contact: abdilah.pb@gmail.com Website: https://abdilahrf.github.io Category: webapps Platform: PHP MonstraCMS 3.0.4 Implementing bruteforce protection in login form but...

Nuitduhack Quals 2018: PixEditor - 350pts

Problem Create your own pixel art with this powerful tool. Url : http://pixeditor.challs.malice.fr/ Writeup We are given a website that lets us color an image pixel by pixel and sends the result to PHP as a 32*32 RGB array (4096); when we try to remove/add pixels then...

Nuitduhack Quals 2018: CoinGame - 200pts

Problem Description Hi guy ! Hi ! Are you still working on your famous game? Yes of course, I made some modifications to make it more fun. Can I take a look at it? No, I prefer to keep it...

Writeup Hackthebox - Sense

Machine Detail Name : Sense IP : 10.10.10.60 Author : lkys37en Hostname : sense.htb OS : FreeBSD Discovery Port Service Version 80 http Apache httpd 2.4.10 ((Debian)) 443 ssl/http Apache httpd 2.4.25 ((Ubuntu)) Exploitation Scanning using nmap gives us information...

Angstrom CTF 2018 : Web Challenges

Source Me 1 WEB, 20 pts There is only one goal: Log in. All the information we need to log in is in the HTML source, so we just log in with user admin and password f7s0jkl <!DOCTYPE html> <html lang="en"> <head> <meta...