$9060 OS Command Injection POC | Private Bug Bounty Program 2023 | P1 Insecure OS Firmware
- Published on 13 Oct 2023
-----------------------------------------------------------------------
Twitter: / abhishekmorla
Website: abhishekmorla.netlify.app/
Linkedin: / abhishekmorla
------------------------------------------------------------------------
Embark on an exhilarating journey into the world of cybersecurity and ethical hacking as we explore a real-world Unauthenticated Remote Code Execution Exploit that led to a $9060 bug bounty reward. This Proof of Concept (PoC) demonstration unveils the steps behind this successful hack, showcasing how vulnerabilities can result in a reverse shell. Stay tuned for an insightful exploration of cybersecurity and ethical hacking in 2023!
------------------------------------------------------------------------
Path:
/cgi-bin/jarrewrite.sh
Shodan Query:
shodan search --fields ip_str,port http.favicon.hash:-2012355198
Thanks so much buddy 🔥🔥
Really very useful
nice video mate 😎
Awesome dude 👌👌
very good
cool
insane
🎉🎉🎉🎉❤❤
Wow
can you explain how you approach the target and how you get to know that there is os injection
if you reverse search the payload i used , you will find the answer. and for approaching targets i use shodan
@@abhishekmorla1 but how did you find that your target has a bug bounty program?
Nice bro.
Please make large videos on other content deeply
Sure 👍
Excellent Video Brother. How to discover endpoints and hidden parameters for SQL Injection, XSS, LFI, RFI, RCE, OS Command Injection, CSTI, and SSTI web application vulnerabilities? Thanks
using javascript files
@@abhishekmorla1 Thanks B0$$ ✔️✅️🫡🔥💉❤️ Hope 2 C here on your channel soon. 💪✅️🫡🔥💉❤️💐
Excellent video, brother. How to discover endpoints and hidden parameters for SQL Injection, XSS, LFI, RFI, RCE, OS Command Injection, CSTI, and SSTI web application vulnerabilities? Thanks
Join The Channel
th-cam.com/channels/9IAh1JN4lhSVz193GvZVZg.htmljoin
hello abhishek, do u use a vulnerability scanner to find a vulnerable parameter or do you manually test each one
Manual
Hi brother, did you use some wordlist to fuzz and get that weird .sh file? And how did you guess and test for that particular attack?
th-cam.com/channels/9IAh1JN4lhSVz193GvZVZg.htmljoin
I just stumbled on your channel, what is the name of that HTTP client you're using?
It is ngrok
Very cool. I watched the video but I still don’t understand. Can you tell me your steps? Steps after subdomain search
you need to find exploits of services which are running on your target. in this case it was "sonicwall ssl-vpn web server"
@@abhishekmorla1
Thank you
Shellshock 😄
Do you use a vpn or tor to add a little bit of security and privacy
Yup..thanks for understanding
I like Dr FarFar also😂 , thank you for sharing 🙏
I just wrote a nuclei template to find this vulnerability , i found one , reported and waiting for review 😄
@@DevPoint.any updates bro do you get any bounty
@@DevPoint. brother can you explain me more about this bug like if it's because of using a vulnerable version of sonic firewall and is it a publicly available cve ??
How do you figure out where to test for shellshock?
th-cam.com/channels/9IAh1JN4lhSVz193GvZVZg.htmljoin
just wanna ask one thing did you use some publicly available cve? to exploit it like if it was running a vulnerable version of sonic firewall. pls reply..
Yes
@@abhishekmorla1 thanks appreciate it
Hi, how did you prepare your payload?
th-cam.com/channels/9IAh1JN4lhSVz193GvZVZg.htmljoin
use it just for 500 status
Please suggest me some resources where I could learn RCE
Play ctfs on htb
Bro, where do you learn all this from? Please tell me
portswigger , htb
Can anyone explain why did he put the parentheses before the payload
delimiter
@@abhishekmorla1 explain more
@@zajben-hk2fh Join The Channel
th-cam.com/channels/9IAh1JN4lhSVz193GvZVZg.htmljoin
Are you exploiting it based on a previously published CVE?
yes
are you "shocked" you got a "shell"? 😏
naah
@@abhishekmorla1 shellshock
What bug bounty program is this?
private
first response 500?
Yup
after that 403😢
How can there still be a Shellshock vulnerability in today's world
join the channel th-cam.com/channels/9IAh1JN4lhSVz193GvZVZg.htmljoin
I need all payload 😅
Sure
can you please share payload ?
On discord
What's cve sir
www.exploit-db.com/exploits/49499
but this website is not internet
does not exist
Yeah it requires vpn
is it solved
Yes
Bro, are you Telugu?
no bro..but everyone says the same lol
shellshock