TP-Link WR740N suffers from a few stored XSS vulnerabilities.research tp-link-WR740N
This is an easy machine from TryHackMe.
Unzip the given files:
As we can see we have a .git folder that we can probably interact with the git binary.
So first of all we can see that we have two branches:
Lets see the commits made to master:
So, there are at least 4 commits before the finish one that can contain sensitive information.
Checking for commit information shows nothing.
Lets see the commits made to dbint:
We can see that there is some interesting commits that may containt sensitive information.
By checking the “Oops” commit we can see the flag to the challenge:
TP-Link WR740N suffers from an LFI vulnerability in the /help/ directory.research tp-link-WR740N
This is an “easy” machine from HackTheBox Business CTF.writeup hackthebox ctf