SANS Holiday Hack Challenge Elf Connect

Hacking a JavaScript Game

Referring to this video.

Examination

This is a web-based game, so we begin by inspecting the game page using the browser’s developer tools.

Inspecting the Game

Open the browser’s developer tools and navigate to the debugger section. This section displays all the files associated with the page you are inspecting. You can view the HTML source code of the Elf Connect game here: ...

December 10, 2024 · Joon Kim

HTB Academy File Inclusion Skills Assessment

Identifying the Local File Inclusion (LFI) Vulnerability

While working on the skills assessment for the File Inclusion module, I first checked whether the target website was vulnerable to Local File Inclusion (LFI). The website had a query parameter called page in the URL, as shown below:

http://<IP>/index.php?page=<page name>

When I attempted to traverse directories using relative paths, like ../../../../etc/passwd, I encountered an error message: “Invalid input detected!”.

Directory Enumeration with ffuf

To explore available pages on the site, I used the ffuf tool to fuzz the directories: ...

October 13, 2024 · Joon Kim