Hey brother i just have a little doubt over here, Why didn't we simply tried copy pasting RCE payloads in the context to Twig from HackTricks in this lab as we did in all the previous labs ?
Really appreciate that Isha! We really do plan to make more videos for more of the Web Security Academy labs. We felt it was important to break these concepts down in a digestible format, but also practical enough to take away a working methodology on discovering cool vulnerabilities. Appreciate your time and glad to hear you’re enjoying the content!
In the error message (which gets triggered when we try to upload non image file) we can see that "User->setAvatar" the class name 'User' itself is used in order to call the setAvatar method doesn't it makes the setAvatar a static method. If it is a static method how are we able to access it with the help of an object instance user.setAvatar?
The explanation was so precise, I never even thought about generating an error at the File Upload section, thank you soo much!
Hey brother i just have a little doubt over here, Why didn't we simply tried copy pasting RCE payloads in the context to Twig from HackTricks in this lab as we did in all the previous labs ?
Amazing series!!! You must make more walkthroughs like this, you were concise and clear and it made all the difference!
Really appreciate that Isha! We really do plan to make more videos for more of the Web Security Academy labs. We felt it was important to break these concepts down in a digestible format, but also practical enough to take away a working methodology on discovering cool vulnerabilities. Appreciate your time and glad to hear you’re enjoying the content!
These videos are so helpful, I refer to them very often
That’s great to hear! I really appreciate you checking out the video!
Thanks man for the amazing explanations...♥
Brilliant work!
This was a beautiful lab
great explanation!, you should make more portswigger videos🙌
Very good. Thank you MR.
that was 🔥
Thanks so much. I hope the video was helpful!
In the error message (which gets triggered when we try to upload non image file) we can see that "User->setAvatar" the class name 'User' itself is used in order to call the setAvatar method doesn't it makes the setAvatar a static method. If it is a static method how are we able to access it with the help of an object instance user.setAvatar?
amazing video man..
I really appreciate that! I hope it was helpful. More to come soon. Thanks so much for checking out the video!
great work
Thank you! Hope it was helpful. Appreciate you checking out the video!
I can't see the live 😥
Thanks for the heads up! I have the vod saved so I’ll have to upload that and fix the link. Appreciate you! I’ll let you know when I fix that.