NeoVault

OVERVIEW

So we already started an instance and now lets move on the web page .

So Let’s start by creating an account and login with it to get access of the dashboard.

After Logged in you can see a recent transaction from a user neo_system and you can also see a lot of options in the left side of the webpage so lets check them out one by one.

Let’s Move To Transfer Tab First

Now Let’s try to send money to neo_system as it is the only user we know so far and capture its request in Burp Suite

So on sending the request in the repeater tab we can see _id and username parameter in the response for the particular user .
Hmm Nice, Let’s Check Other Options too:

So Let’s Check out the next Deposit Option

It allows us to Deposit Money Into Our Account So again Let’s capture this in Burp Suite

Ooh What’s this its saying v2 is under maintenance so that means we should check v1

Sadly it throws Internal Server Error No Worries Let’s move forward.

Now Moving forward to next option which is Transactions

Here we can see it shows our transaction history and there is a button to download this history in the form of PDF maybe it could have some vulnerability so again capture it in Burp Suite

It looks like a normal request so lets check its output file

Yep Nothing Here But Wait Did u remember we used v1 in deposit requests but it showed internal server error so lets try in this transactions request too

Yeeee!! v1 worked and we found something which was not internal server error but _id is not provided so we have to give it some type of _id parameter and its value

Then I remembered that we got _id of neo_system in transfer request which was