Information Security
Xapu3ma, 2017-09-24 17:44:48

Where can there be vulnerabilities (in the website code)?

Gentlemen, tell me where there can be vulnerabilities in the site code? (Code attached below.)
I have crawled the site with all sorts of utilities, ranging from Acunetix, .. , to Burp Suite.
Of all the reports, the only catch is that it is possible to carry out a CSRF attack (substituting the user session). And there is no captcha on the authorization form, which creates the possibility of brute force.
Maybe I missed something? Tell me which way to dig?
P.S. This is a task from a CTF (I'm not being cunning); I just need help, advice on which direction to look in.
Authorization page code: [screenshot]
Registration form code: [screenshot]
Home page code: [screenshots]

2 answer(s)
devalone, 2017-09-25
@Xapu3ma-NN

Post your code properly. If this is a CTF, they can kick you out for using automatic scanners; they even kick you out if you break it "incorrectly". One team took the network down for 2 hours (one of the types of DDoS) and they were disqualified, although it was the admins who set up this network who should have been kicked out.
As for the subject itself, you are looking in the wrong place: the vulnerability is most likely in the backend, perhaps SQL injection; there may be access to files that, logically, should not be accessible; maybe something less banal.

xmoonlight, 2017-09-24
@xmoonlight

And there is no captcha on the authorization form, which creates the possibility of brute force.

Antifraud: Checkmate.
