Student Name: [Your Name] Date: [Exam Date] Exam Code: OSWE-XXXXX 1. Introduction This report documents the successful compromise of the exam application set as required for the Offensive Security Web Expert (OSWE) certification. The objective was to achieve remote code execution (RCE) on the target server by chaining together multiple vulnerabilities through a white-box approach, ultimately obtaining proof.txt and the web flag. 2. Executive Summary The target application was found to contain several critical vulnerabilities that allowed an authenticated attacker to achieve remote code execution. The attack chain leveraged an Insecure Direct Object Reference (IDOR) to access another user’s account, followed by a deserialization vulnerability in a custom cookie handler, and finally a path traversal in a file upload feature to write a webshell.