HTB - FastJson and Furious

Th3B4h0z · 2024-07-29T05:31:59+00:00

let's discuss the easy mobile challenge

Pages (2): « Previous 1 2

HTB - FastJson and Furious

by Th3B4h0z - Monday July 29, 2024 at 05:31 AM

mazafaka555

RaidForums

Posts: 98

Threads: 6

Joined: Mar 2024

Reputation: 17

#11

07-31-2024, 11:10 AM (This post was last modified: 07-31-2024, 11:10 AM by mazafaka555.)

(07-30-2024, 08:08 PM)invisigoth Wrote: The challenge is named after fastjson.
The apk is using fastjson 1.1.52
Looking for vulnerabilities: https://security.snyk.io/package/maven/c...52.android
The first vulnerability is CVE-2022-25845
The details are https://jfrog.com/blog/cve-2022-25845-an...erability/
Follow the article and the json payload to enable the flag becomes obvious.

Great catch! That explain everything...

« Next Oldest | Next Newest »

Pages (2): « Previous 1 2

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	360	88,710	03-28-2026, 09:28 AM Last Post: catsweet
	[FREE] HTB-ProLabs APTLABS Just Flags	kewlsunny	23	2,348	03-28-2026, 03:30 AM Last Post: lulaladrow
	[MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot	htb-bot	87	7,490	03-27-2026, 07:22 PM Last Post: stn
	HTB Eloquia User and Root Flags - Insane Box	69646B	13	350	03-27-2026, 06:14 PM Last Post: vlxw
	HTB - ALL Challenges you Stuck in	osamy7593	2	646	03-27-2026, 04:24 PM Last Post: catsweet

Users browsing this thread: 1 Guest(s)