Black Hat MEA 2022 - Qualifier - Black Note
Challenge Description Difficulty : Medium Points : 250 Categoty : Web Walkthrough The black note application allows us to self register and save notes. After self registering and logging in, I noticed a cookie named notes. Inspecting it revealed that it is Base 64 encoded JSON data for the notes which are displayed in the page. Since we know that the backend is Node.JS and the cookie is actaully getting deserialized, it obviously a JSON deserialisation vulnerability via the notes cookie....