Hack The Box Perspective Exploiting and Securing Dot Net Web Applications View State

00:00 Intro 01:00 Start of nmap 02:25 Looking at the website, looks like there s different behavior for extensions 05:10 Registering and logging into an account 06:30 An unintended way to login, IDOR within the Forgot Password logic, can change usernames 09:15 Uploading a new product, test XSS, File Upload 12:00 Using FFUF with a raw http request to test for potential extensions 18:10 Using SHTML to test for Server Side Inclusion SSI and leaking 21:15 Going over the pulling out sensitive things 26:30 Decrypting the. aspx Forms Ticket and forging a new one that states we are admin 36:50 The Admin page allows us to generate PDF s, testing for XSS 38:20 Attempting to redirect the save to pdf function with a meta tag 42:50 Redirecting to localhost:8000 and discovering the swagger api for encrypt, decrypt 46:00 Creating a webform to autosubmit data and allow us to decrypt a string. 51:00 Creating a YSOSERIAL Gadge