Natas 20 — parameter tampering
Nov 7 · 2 min read

Natas 20 welcome page is bellow. Trying some input gives us nothing unusual. We’ll have to dig into the source-code.
Typically when pentesting a Web App we wont have access to the authentication/authorization code. But if the server has any kind of vulnerability that we can exploit to gain access, then we own the App.


