New machine from 2022-07-16.

PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Register needs a special domain it seems

Nvm, snippet.htb works but register is not allowed

I found http://mail.snippet.htb and http://dev.snippet.htb/

ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt:FUZZ -u http://snippet.htb -H 'Host: FUZZ.snippet.htb' -fl 30 if someone wanna know

(July 16, 2022, 07:22 PM)Exa Wrote: I found http://mail.snippet.htb and http://dev.snippet.htb/

dev.snippet is a good way to exploit!

(July 16, 2022, 07:30 PM)nhocit Wrote:

(July 16, 2022, 07:22 PM)Exa Wrote: I found http://mail.snippet.htb and http://dev.snippet.htb/

dev.snippet is a good way to exploit!

How so?

(July 16, 2022, 07:37 PM)Exa Wrote:

(July 16, 2022, 07:30 PM)nhocit Wrote:

(July 16, 2022, 07:22 PM)Exa Wrote: I found http://mail.snippet.htb and http://dev.snippet.htb/

dev.snippet is a good way to exploit!

How so?

I am playing around with this:
http://dev.snippet.htb/api/swagger#/admin
Also there is a video here:
https://www.youtube.com/watch?v=8gf5YvvY1yc&t=2415s

Been trying to perform password poisoning through forgot-password without success
Anyone's having better luck ?

[INFO] (custom) POST parameter 'JSON email' appears to be 'MySQL > 5.0.12 time-based blind - Parameter

waiting here

nothing yet:

http://mail.snippet.htb/ (7.4.27 under X-Powered-By: PHP/7.4.27)

idk its some exploit with php ? searching in google here

---

found K19150034: PHP vulnerabilities CVE-2022-31625, CVE-2022-31626