Bug Bounty: how to find & exploit Server Side Template Injection || SSTI to RCE

  • Published on 10 Nov 2024

Comments • 10

  • @songsxmashup 3 months ago

    Very nicely explained, simple, brother. It's very simple, thanks a lot ya ahhh!

  • @BanglarPranChitra 6 months ago +1

    Nice ❤❤

  • @_ArfatFarooq 6 months ago +1

    Bro, you didn't show how to get a reverse shell? Can we use bin/bash here for a reverse connection in netcat? Also, how to get a complete shell, like a full root shell, using the SSTI vulnerability?

    • @DevSecHacker 6 months ago +3

      This video is intended to show SSTI detection method and exploitation (SSTI to RCE). If you are interested to know more, I will make a part 02 video on it.

    • @_ArfatFarooq 6 months ago +1

      @DevSecHacker Thanks bro, make interesting tutorials on topics like these, such as deeply understanding all types of SQL injections on live target in simple URL, Hackbar, through intruder mode (Burp Suite), sqlmap bypassing of Cloudflare, LiteSpeed server then getting databases without error. SSTI in different ways on live target, you can hide URL of the target if you want for YouTube policies. How to scan SSTI using advanced tools. LFI, RFI on live target and uploading of shells in different ways to get reverse shell. Command injections in new ways by bypassing restrictions of Cloudflare and getting reverse connections. These are very important topics of cybersecurity and interesting for everyone who is interested in cybersecurity/hacking/pentesting. These were my bonus tips 😉 for your next tutorials. People are mostly interested in these topics, even I am too... I believe you will bring and present all such tutorials in a nice way and new ways... Keep growing 💗 thank you❣️❣️❣️

    • @_ArfatFarooq 6 months ago +1

      @DevSecHacker Thanks bro, make interesting tutorials like these, such as deeply understanding all types of SQL injecti*ns on target in URL, h*ckbar, through intruder mode (Burp Suite), sqlmap bypassing of Cloudflare, LiteSpeed server then getting databases without error. SSTI in different ways on live target, you can hide URL of the target if you want for YouTube policies. How to scan SSTI using advanced tools. LFI, RFI on live target and uploading of she*lls in different ways to get r*verse sh*ll. C*mmand injections in new ways by byp*ssing restrictions of Cloudflare and getting r*verse connection. These were my bonus tips for you to upload such interesting topics because people are mostly interested in these topics and even I am too... I hope you will upload such nice content, thank you...

  • @SushantMaliwhy 6 months ago

    Hey could you make a video regarding XSRF-TOKEN/CSRF?

    • @DevSecHacker 6 months ago +2

      I will. Please do like and subscribe