A $7.500 BUG BOUNTY Bug explained, step by step. (BLIND XXE OOB over DNS) - REDUX
ฝัง
- เผยแพร่เมื่อ 22 มี.ค. 2020
- Have you ever wondered what a $7.500 Bug Bounty bug looks like?
In this "re-upload" of the original video created in 2019, il walk you through a theoretical "BLIND XXE OOB over DNS" bug on a super-hardened target and explain the ideas around how to exploit it.
The tool used in this video to create the initial XML/PDF payload is Tobias 'floyd' Ospelt amazing burp plugin "Upload Scanner" I absolutely recommend that you use it for all your file upload automation needs.
/ floyd_ch
github.com/portswigger/upload...
Owasp XXE
www.owasp.org/index.php/XML_E...
Out of band entity XXE explained
www.acunetix.com/blog/article...
Burp collaborator
portswigger.net/burp/document...
Exploiting XXE with local DTD files
mohemiv.com/all/exploiting-xx...
Comments are disabled by default, but you can find me and the community over at / stokfredrik
-------------- -- --
Support my work:
Join me on Patreon! / stokfredrik
Need a shell to hack from? setup your own droplet today!
Get $100 credit on Digital Ocean using this link
m.do.co/c/5884b0601466
-------------- -- --
FAQ:
What gear do you use? :
Check out www.stokfredrik.com
Dude, I love what you do can we do "work stuff" together?
Sure, Email me at workwith @ stokfredrik.com - วิทยาศาสตร์และเทคโนโลยี