U.S. Dept Of Defense: Attacker can Add itself as admin user and can also change privileges of Existing Users [█████████]

The website had a directory that lacked authentication, allowing an attacker to add a new admin user and change the privileges of existing users without any authentication...

h1-ctf: [h1-2006 2020] CTF Walkthrough

h1-2006-ctf Writeup June 2020 https://hackerone.com/h1-ctf/ The Competition Begins! The tweet announces the CTF challenge. Looks like we will need to find a way to process some payments. F863442 Initial Exploring Reading up on the extended description at https://hackerone.com/h1-ctf/ reveals that...