Difficulty
Intermediate
Details
After a short introduction to brute forcing, this exercise explains how Rack cookies can be tampered with, and how even a signed cookie can be modified (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain command execution.
What you will learn
- Rack cookie tampering
- Writing small web scripts in Ruby
- Command injection attacks
VulnHub