Natas 20 — parameter tampering

Miguel Sampaio da Veiga
Nov 7 · 2 min read
Photo by Markus Spiske on Unsplash

Natas 20 welcome page is bellow. Trying some input gives us nothing unusual. We’ll have to dig into the source-code.

Typically when pentesting a Web App we wont have access to the authentication/authorization code. But if the server has any kind of vulnerability that we can exploit to gain access, then we own the App.

Keep the story going. Sign up for an extra free read.

You've completed your member preview for this month, but when you sign up for a free Medium account, you get one more story.
Already have an account? Sign in

Miguel Sampaio da Veiga

Written by

Security consultant

Hacker Toolbelt

Hacking tools and how-to

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade