WRITEUP #1191

What is kong & why we’re relying on it

Tags: RCE, Sandbox escape, Authentication bypass, Hardcoded credentials, Broken Access Control, Privilege escalation, JWT
by @TheLaluka (Laluka)
Program: Konga
Published: May 10, 2023
Added to HackDex: May 12, 2023
Read Full Writeup: https://thinkloveshare.com/hacking/kong-konga-exploitation-and-hardening/
RELATED WRITEUPS
Vulnerabilities in Open Source C2 Frameworks
Tags: RCE, OS command injection
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
Tags: RCE, Confusion attack
Vestaboard: Exploring Broken Access Controls and Privilege Escalation
Tags: Privilege Escalation, Broken Access Control
How I Earned $469 Bounty: Bypassing Plan Restriction
Tags: Privilege Escalation, Broken Access Control
[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package
Tags: RCE, Dependency confusion
