InfoSec LAB

Web

Nmap discovered a Web server on the target port 5000 The running service is Werkzeug/3.0.3 Python/3.9.5

Webroot

The web application supports registration and authentication

Creating a testing account

Being redirected to /dashboard

Redirected to the /dashboard endpoint

┌──(kali㉿kali)-[~/archive/htb/labs/chemistry]
└─$ cat example.cif             
data_Example
_cell_length_a    10.00000
_cell_length_b    10.00000
_cell_length_c    10.00000
_cell_angle_alpha 90.00000
_cell_angle_beta  90.00000
_cell_angle_gamma 90.00000
_symmetry_space_group_name_H-M 'P 1'
loop_
 _atom_site_label
 _atom_site_fract_x
 _atom_site_fract_y
 _atom_site_fract_z
 _atom_site_occupancy
 H 0.00000 0.00000 0.00000 1
 O 0.50000 0.50000 0.50000 1

There is an example

Vulnerability

It would appear that the target web application is processing the CIF file somehow

Looking it up online reveals a fairly recent article It’s assigned CVE-2024-23346

Looking it up again reveals an GitHub advisory The target web application might be vulnerable to this

InfoSec LAB

Explorer

Chemistry_Web_5000

Web

Vulnerability

Interactive Graph View

Table of Contents

Backlinks