XSS, Deserialization & SeImpersonate - Cereal @ HackTheBox
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.
This post is licensed under CC BY 4.0 by the author.