HackTheBox Fortress: Faraday — Web API Security Writeup
Full walkthrough of the HackTheBox Faraday Fortress. Covers hardcoded API key in JavaScript source, IDOR on vulnerability reports, JWT algorithm confusion (alg:none) bypass for admin access, and UNION-based SQL injection.
Faraday Fortress
HackTheBox
Linux
Hard
Fortress