Insecure configuration with shared hosting - Natas 21 - Overthewire.org - Walkthrough

The application is sharing the same server with another application, and the configuration of the web-server does not enforce separate mechanisms for storing sessions. How is this a problem, and how can it be abused?

In these video series I am running through the Overthewire.org Natas wargame. It’s all about web hacking and shows an array of different web vulnerabilities for us to practice on. This video features Natas 21.

If you liked it, or you want more, let me know. Subscribe for updates to my channel.

You can check out my twitter account here for updates: https://twitter.com/ChrisADale

Interested in hiring my team and I for consulting? Check us out at https://riversecurity.eu/

I’m also a SANS certified instructor, and you can come to my classes. Check out my schedule here: https://www.sans.org/instructors/chris-dale