You can also search for API, keys and other interesting and sensitive information in the xml documents.
Sorry for the voice in this video guys. I hope you like the video. If you like the video please hit the like button and share it with your friends as well. More interesting content on the way for you.❤
#helpmesir
Well if the site is not LFI vulnerable then the User Agent or language header can be vulnerable?
Does that mean we want
Very good question, let me make it easy for you.
RCE means you can execute commands. Now you have to find some kind of steps through which you can achieve it.
Due to improper sanitization of the User-Agent header field, an application's remote web server may be affected by a remote code execution vulnerability when saving session values. An unauthenticated, remote attacker can exploit this, via a serialised PHP object, to execute arbitrary PHP code.
Note - this is the vector to achieve RCE in this case; the same vulnerability can be hunted using other vectors or using other methods including LFI, SSRF, etc.
Read this report, it's an example of header-based RCE - hackerone.com/reports/914392
@ranome1759 Is it possible to get the phpinfo page from this scenario?
If you can achieve RCE, what's the need to get phpinfo? You can already manipulate/control the complete application.
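
A defender-side check for the header vector described in the reply above, as an added example that is not part of the original thread: it scans access log lines for a serialized PHP object in the User-Agent field. Apache combined log format is assumed, and the log lines, class name and function names are constructed for illustration.

```python
import re

# PHP serialize() writes an object as O:<name length>:"<class>":<property count>:{
# (C: is the variant for classes with custom serialization).
PHP_OBJECT = re.compile(r'\b[OC]:\+?\d+:"[^"]+":\d+:\{')

# Apache combined format: ip ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'((?:[^"\\]|\\.)*)'  # quoted field that may contain \" escapes
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "' + QUOTED + r'" \d{3} \S+ "' + QUOTED + r'" "' + QUOTED + r'"$'
)


def unescape(field):
    # Apache logs a literal quote or backslash inside a header value as \" or \\.
    return re.sub(r'\\(["\\])', r'\1', field)


def suspicious_requests(lines):
    """Return (client ip, request line) for requests whose User-Agent holds a serialized PHP object."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess at field positions
        ip, request, _referer, agent = m.groups()
        if PHP_OBJECT.search(unescape(agent)):
            hits.append((ip, request))
    return hits


# Constructed sample input (documentation IP ranges, made-up class name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /login HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 O:12:\\"ExampleClass\\":0:{}"',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /docs HTTP/1.1" 200 90 "-" '
    '"ExampleBot/1.0 (ratio 4:3; O:2)"',
]

if __name__ == "__main__":
    for ip, request in suspicious_requests(SAMPLE_LOG):
        print(f"serialized PHP object in User-Agent from {ip}: {request}")
```

A hit only shows that a request carried an object-shaped string; whether the application ever passes that header to `unserialize()` has to be confirmed in the code.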