https://github.com/grrrdog/zeronights-hackquest-2016

2 web tasks from ZeroNights HackQuest 2016
https://github.com/grrrdog/zeronights-hackquest-2016

Last synced: 8 months ago
JSON representation

2 web tasks from ZeroNights HackQuest 2016

Host: GitHub
URL: https://github.com/grrrdog/zeronights-hackquest-2016
Owner: GrrrDog
Created: 2017-03-23T22:48:32.000Z (over 8 years ago)
Default Branch: master
Last Pushed: 2017-03-24T11:16:15.000Z (over 8 years ago)
Last Synced: 2025-01-15T13:34:54.017Z (9 months ago)
Size: 14.6 MB
Stars: 50
Watchers: 8
Forks: 17
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

There are two web tasks from ZeroNights HackQuest 2016 http://hackquest.zeronights.org/.

They consist of some unusual, but real vuln types.

Also they demostrate a part of research about Spring MVC - http://agrrrdog.blogspot.com/2017/03/autobinding-vulns-and-spring-mvc.html

All sources are in "src" folder.

# Justice League
Task name - Bad Assistant

It contains vuln types:
- Session Puzzling (Session Variable Overloading)
- Autobinding (Mass Assignment)
- Insecure JSON deserialization using XStream lib

Installation process:
- just deploy justiceleague.war and justiceleaguedb.war files to any Tomcat (or something similiar)

# The First School of Bulemia - Edik
Task name - I wanna be better

It contains vuln types:
- Autobinding (Mass Assignment)
- Expression Language injection
- Sensetive information disclosure (OSINT related part of task)

Installation process:
- install jdk1.6
- install Tomcat 6
- deploy edik.war file to the Tomcat

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/grrrdog/zeronights-hackquest-2016

Awesome Lists containing this project

README