Padelify — THM Writeup By: Kavin Jindal (@Klevr) https://tryhackme.com/room/padelify Padelify is one of the latest rooms released by TryHackMe as a part of their recent releases related to WAF (Web …

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A step-by-step walkthrough of exploiting the TryHackMe Padelify room, focusing on Web Application Firewall (WAF) bypass techniques. The exploitation chain involves initial reconnaissance with Nmap, bypassing WAF restrictions during directory enumeration by spoofing user agents, discovering XSS vulnerabilities through error logs, stealing moderator cookies using iframe-based XSS payloads that evade WAF filters, and finally achieving admin access through URL-encoded SSRF to read configuration files containing credentials.

Padelify — THM Writeup. By: Kavin Jindal (@Klevr)

Get Avyukt Security ’s stories in your inbox