Hack The Box: Oopsie
My first full Hack The Box machine, taken from a guest cookie to a shell on the box.
I chained four simple web vulnerabilities together to gain access into a system. An IDOR flaw that got me the administrator's account ID, editing browser cookies to trick the site, uploading and executing a reverse shell PHP script, and found a reused database password.