# Executive Report

## <mark style="color:purple;">Security Assessment Report: "OnlyHacks" Challenge</mark>

### <mark style="color:purple;">Purpose of the Report</mark>

This report provides an overview of the "OnlyHacks" challenge from Hack The Box, highlighting the key findings and recommendations derived from the assessment.

***

### <mark style="color:purple;">Executive Summary</mark>

The "OnlyHacks" challenge is a web-based exercise designed to test participants' skills in identifying and exploiting common web application vulnerabilities, specifically Insecure Direct Object References (IDOR) and Cross-Site Scripting (XSS). Set within a dating application context, the challenge requires users to uncover unauthorized access points and execute client-side scripts to retrieve sensitive information.

***

### <mark style="color:purple;">Key Findings</mark>

* **Insecure Direct Object References (IDOR):** The application allows users to access chat sessions by manipulating URL parameters, enabling unauthorized viewing of other users' private messages.
* **Cross-Site Scripting (XSS):** The messaging feature does not adequately sanitize user inputs, permitting the injection and execution of malicious scripts within another user's session.

***

### <mark style="color:purple;">Impact</mark>

Exploiting these vulnerabilities could lead to significant security breaches, including unauthorized access to private communications and potential session hijacking. Such weaknesses compromise user confidentiality and the overall integrity of the application.

***

### <mark style="color:purple;">Key Recommendations</mark>

* **Implement Robust Access Controls:** Ensure that users can only access resources explicitly authorized for their accounts by validating user permissions server-side.
* **Sanitize User Inputs:** Apply strict input validation and output encoding to all user-generated content to prevent the injection and execution of malicious scripts.
* **Conduct Regular Security Audits:** Perform periodic assessments of the application to identify and remediate vulnerabilities promptly.
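The two findings above (IDOR on chat lookup, unencoded message output) and the first two recommendations map onto a small amount of server-side code. The following is an added example, not code from the OnlyHacks challenge or its write-up: it uses an assumed in-memory chat store, constructed usernames and messages, and hypothetical function names (`get_chat_insecure`, `can_read`, `get_chat`, `render_chat`) to show the vulnerable lookup beside its hardened form and the output encoding applied before messages reach the page.

```python
"""Added example (not from the OnlyHacks write-up): server-side
authorization on chat access plus HTML output encoding of messages."""
import html
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the requester is not a participant of the requested chat."""


@dataclass
class Chat:
    chat_id: int
    participants: frozenset
    messages: list = field(default_factory=list)


# Constructed sample data (assumption: chats are keyed by an integer id that
# appears in the URL, and the requester's identity comes from the session).
CHATS = {
    1: Chat(1, frozenset({"alice", "bob"}), ["hi bob", "hi alice"]),
    2: Chat(2, frozenset({"carol", "dave"}), ["<script>alert(1)</script>"]),
}


def get_chat_insecure(chat_id, chats=CHATS):
    """IDOR pattern: the record is fetched by the URL parameter alone, so any
    authenticated user who changes the id reads someone else's messages."""
    return chats[chat_id].messages


def can_read(requester, chat_id, chats=CHATS):
    """Authorization decision: True only if the session user is a participant."""
    chat = chats.get(chat_id)
    return chat is not None and requester in chat.participants


def get_chat(requester, chat_id, chats=CHATS):
    """Hardened lookup: the id still comes from the URL, but the record is
    released only after the server-side ownership check passes.  A missing
    chat and a foreign chat get the same error so ids cannot be enumerated
    by distinguishing 'not found' from 'not yours'."""
    if not can_read(requester, chat_id, chats):
        raise Forbidden(f"user {requester!r} may not read chat {chat_id}")
    return chats[chat_id].messages


def render_message(text):
    """Output encoding: escape the HTML metacharacters in untrusted message
    text so it is displayed as text rather than parsed as markup."""
    return f"<li>{html.escape(text, quote=True)}</li>"


def render_chat(requester, chat_id, chats=CHATS):
    """Authorize, then encode each message before embedding it in the page."""
    items = "".join(render_message(m) for m in get_chat(requester, chat_id, chats))
    return f"<ul>{items}</ul>"


if __name__ == "__main__":
    print(render_chat("alice", 1))
    print(render_chat("carol", 2))  # script tags arrive as inert text
    try:
        render_chat("alice", 2)
    except Forbidden as exc:
        print("denied:", exc)
```

The authorization check belongs next to the data access, not in the URL routing layer, so that every code path that returns a chat goes through it; the encoding belongs at the point where text is placed into HTML, since the same message may also be sent to a JSON API where HTML escaping would be wrong.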

***

### <mark style="color:purple;">Conclusion</mark>

The assessment of the "OnlyHacks" challenge underscores the critical importance of implementing proper access controls and input validation in web applications. Addressing these vulnerabilities is essential to protect user data and maintain the application's security posture.
