CSRF

December 8, 2020

Doctor – HackTheBox Writeup

Thoviti Siddharth Infosec CSRF, HackTheBox, HTB, htb-doctor, Infosec, LinPeas, Linux Box, PySplunkWhisper2, Splunk, SSTI, Writeup 0

IP: 10.10.10.209
Difficulty: Easy

Summary: Doctor is a Linux Box that can be exploited using Server Site Template Injection (SSTI) or Cross Site Request Forgery (CSRF). The escalated Splunk service is exploited to escalate privileges to root by using Splunk 8.0.5 exploit.