50m-ctf: Several vulnerabilities lead to Remote Code Execution and Arbitraty File Read on multiple servers
Summary: - Tweeted image contained URL https://bit.do/h1therm to download an APK - APK API 35.243.186.41 is vulnerable to SQL Injection on username parameter and leaked location of server 104.196.12.98 through the devices table - Login form on 104.196.12.98 is vulnerable to timing attack on hash...