Bro great video. Can you please explain the last step where you call the file in a POST request to the upload file url and you get the code results. what does those params do in the body and how did you get those .
there was a functionality in the application itself that read and try to execute the delete operation in the uploaded file, this particular param is responsible for the local file inclusion.
Ok but when you try to exploit it the waf will block it, anyway nice video and i hope you go deeper. Otherwise do you have telegram channel or account ?
congratz x the bounty and great poc! wish there were more ytbers showcasing their bug bounty methodologies
But how did u got that params 'module' , 'action' and 'filename' that u used in POST request?
join the channel th-cam.com/channels/9IAh1JN4lhSVz193GvZVZg.htmljoin
U r doing great buddy. Can u please make a video on how do u approach a target and how u try to find critical bugs. It would help a lot 😅
Sure
I learn remote code ex but I never see it in real target
Heyy could you sometimes provide a tutorial on your methodologies such as recon phase with shodan and what cve you devide to target❤❤ love your videos
Sure
Bro great video.
Can you please explain the last step where you call the file in a POST request to the upload file url and you get the code results. what does those params do in the body and how did you get those .
there was a functionality in the application itself that read and try to execute the delete operation in the uploaded file, this particular param is responsible for the local file inclusion.
hey, can you tell which google dorks you used to find these domains?
Which are in github
hi bro, how can i know if the target is vulnerable to RCE attacks?
By testing it
May ı ask which tool you used for thumbnail if you used something like ai? thanks.
YES
but how ? how does that request run the file ?
While deleting its just fetching the content, functionality of the application.
yeah fetch but why execute @@abhishekmorla1
Ok but when you try to exploit it the waf will block it, anyway nice video and i hope you go deeper. Otherwise do you have telegram channel or account ?
discord
friend request sent to abhishekmorla @@abhishekmorla1
Op 🔥
Bro where did u get this type of methodology or technique
Can u tell me the secret 😉
comes with the experience buddy
@@abhishekmorla1 bro slowly slowly i am becoming your fan 👀😆😆
Can u Make some Explaining videos of your findings? My small request
good
❤🔥❤🔥🔥🔥🔥🔥
sure
dang 😖
boys cappin domain does not exist
cuz you are not connected to private vpn bro :)
The comments are full of noobs
Remember you were noob once 😉
@@abhishekmorla1 you are right, thanks for saying that
Damnnnnn