sql injection

Hack The Box: Cat Machine Walkthrough – Medium Diffculity

Hack The Box Success: Cat Machine Write-Up Published!

I’ve just published my personal write-up for the Cat machine on Hack The Box. In this challenge, I gained the user flag by exploiting a Stored XSS vulnerability to capture the admin session cookie, followed by an SQL Injection to extract credentials and gain SSH access. For the root flag, I took advantage of a vulnerable image processing script owned by root, crafting a payload to gain a root shell and retrieve the flag. The full write-up dives into each step, the logic behind the attacks, and key takeaways.

#CyberSecurity #HackTheBox #PenetrationTesting #EthicalHacking #CTF #WriteUp #XSS #SQLi #PrivilegeEscalation #InfoSec #CTFWriteup

The post Hack The Box: Cat Machine Walkthrough – Medium Diffculity appeared first on Threatninja.net.

July 5, 2025
0 comment
Read More >>

SQL Injection Attack on Airport Security

Interesting vulnerability:

…a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips.

The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent’s laptop verifies the employment status with the airline. If successful, the employee can access the sterile area without any screening at all…

September 2, 2024
0 comment
Read More >>

Hack The Box: Intentions Machine Walkthrough – Hard Difficulty

In this post, I would like to share a walkthrough of the Intentions Machine from Hack the Box This room will be considered a Hard machine on Hack the Box What will you gain from the Intentions machine? For the user flag, you will need to abuse the SQL Injection of the second order which will […]

The post Hack The Box: Intentions Machine Walkthrough – Hard Difficulty appeared first on Threatninja.net.

October 14, 2023
0 comment
Read More >>

HackTheBox: OnlyforYou Machine Walkthrough – Medium Difficulty

In this post, I would like to share a walkthrough of the OnlyforYou Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the OnlyforYou machine? For the user flag, you will need to able to read different files throughout an LFI Vulnerability that […]

The post HackTheBox: OnlyforYou Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

August 26, 2023
0 comment
Read More >>

Hack The Box: Socket Machine Walkthrough – Medium Difficulty

In this post, I would like to share a walkthrough of the Socket Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Socket machine? For the user flag, you will need to download the Windows Application which requires our attention especially when […]

The post Hack The Box: Socket Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

July 15, 2023
0 comment
Read More >>

Critical SQL Injection flaws in Gentoo Soko can lead to Remote Code Execution

SQL injection vulnerabilities in Gentoo Soko could lead to remote code execution (RCE) on impacted systems. SonarSource researchers discovered two SQL injection vulnerabilities in Gentoo Soko, collectively tracked as CVE-2023-28424 (CVSS score: 9.1) [1],[2], that can be exploited by a remote attacker to execute arbitrary code on vulnerable systems. “The two package search handlers, Search […]

The post Critical SQL Injection flaws in Gentoo Soko can lead to Remote Code Execution appeared first on Security Affairs.

June 28, 2023
0 comment
Read More >>