2. Exploiting XXE to perform SSRF attacks

Поделиться
HTML-код
  • Опубликовано: 11 сен 2024
  • Lab: Exploiting XXE to perform SSRF attacks
    APPRENTICE
    This lab has a "Check stock" feature that parses XML input and returns any unexpected values in the response.
    The lab server is running a (simulated) EC2 metadata endpoint at the default URL, which is 169.254.169.254/. This endpoint can be used to retrieve data about the instance, some of which might be sensitive.
    To solve the lab, exploit the XXE vulnerability to perform an SSRF attack that obtains the server's IAM secret access key from the EC2 metadata endpoint.

Комментарии •

Следующие
Автовоспроизведение
3. Blind XXE with out-of-band interaction2:243. Blind XXE with out-of-band interaction
3. Blind XXE with out-of-band interactionLittle More Help
Просмотров 189
Cursor Is Beating VS Code (...by forking it)18:00Cursor Is Beating VS Code (...by forking it)
Cursor Is Beating VS Code (...by forking it)Theo - t3․gg
Просмотров 72 тыс.
XXE Injection 1 | Exploiting XXE Using External Entities to Retrieve Files #BugBounty9:31XXE Injection 1 | Exploiting XXE Using External Entities to Retrieve Files #BugBounty
XXE Injection 1 | Exploiting XXE Using External Entities to Retrieve Files #BugBountyHMCyberAcademy
Просмотров 1,4 тыс.
Zach Bryan - Oak Island04:30Zach Bryan - Oak Island
Zach Bryan - Oak IslandZach Bryan
Просмотров 531 тыс.
Crumbl Conspiracy Investigation38:01Crumbl Conspiracy Investigation
Crumbl Conspiracy InvestigationShane2
Просмотров 790 тыс.
Devara Part -1 Trailer (Telugu) | NTR | Saif Ali Khan | Janhvi | Koratala Siva | Anirudh | Sep 2702:40Devara Part -1 Trailer (Telugu) | NTR | Saif Ali Khan | Janhvi | Koratala Siva | Anirudh | Sep 27
Devara Part -1 Trailer (Telugu) | NTR | Saif Ali Khan | Janhvi | Koratala Siva | Anirudh | Sep 27NTR Arts
Просмотров 32 млн
Mark Rober vs Dude Perfect- Ultimate Robot Battle19:00Mark Rober vs Dude Perfect- Ultimate Robot Battle
Mark Rober vs Dude Perfect- Ultimate Robot BattleMark Rober
Просмотров 9 млн
Server-Side Request Forgery (SSRF) Explained And Demonstrated6:13Server-Side Request Forgery (SSRF) Explained And Demonstrated
Server-Side Request Forgery (SSRF) Explained And DemonstratedLoi Liang Yang
Просмотров 82 тыс.
RPi3: Connect Your PC to Your Raspberry Pi using Putty (via Bluetooth)13:08RPi3: Connect Your PC to Your Raspberry Pi using Putty (via Bluetooth)
RPi3: Connect Your PC to Your Raspberry Pi using Putty (via Bluetooth)ZeroLife
Просмотров 760
Introduction to Cloud Hacking| flaws.cloud LEVEL 39:34Introduction to Cloud Hacking| flaws.cloud LEVEL 3
Introduction to Cloud Hacking| flaws.cloud LEVEL 3Little More Help
Просмотров 277
Out Of Band Application Security Testing Overview | OOB Alternatives to Burp Collaborator9:47Out Of Band Application Security Testing Overview | OOB Alternatives to Burp Collaborator
Out Of Band Application Security Testing Overview | OOB Alternatives to Burp Collaboratornigamelastic
Просмотров 6 тыс.
XXE Injection 2 | Exploiting XXE to Perform SSRF Attacks #BugBounty5:31XXE Injection 2 | Exploiting XXE to Perform SSRF Attacks #BugBounty
XXE Injection 2 | Exploiting XXE to Perform SSRF Attacks #BugBountyHMCyberAcademy
Просмотров 677
I'll Let Myself In: Tactics of Physical Pen Testers44:56I'll Let Myself In: Tactics of Physical Pen Testers
I'll Let Myself In: Tactics of Physical Pen TestersWild West Hackin' Fest
Просмотров 2,8 млн
Postgres just got even faster26:42Postgres just got even faster
Postgres just got even fasterHussein Nasser
Просмотров 17 тыс.
Exploiting XXE using external entities to retrieve files (Video solution)1:26Exploiting XXE using external entities to retrieve files (Video solution)
Exploiting XXE using external entities to retrieve files (Video solution)Michael Sommer
Просмотров 31 тыс.
Is this the best OSINT tool out there?!17:10Is this the best OSINT tool out there?!
Is this the best OSINT tool out there?!stuffy24
Просмотров 341 тыс.
Rossiyadagi o‘rmondan o‘zbekistonlik erkakning tana qoldiqlari topildi01:01Rossiyadagi o‘rmondan o‘zbekistonlik erkakning tana qoldiqlari topildi
Rossiyadagi o‘rmondan o‘zbekistonlik erkakning tana qoldiqlari topildiZAMONUZ
Просмотров 2,1 млн
БЕЛКА РОЖАЕТ?#cat00:28БЕЛКА РОЖАЕТ?#cat
БЕЛКА РОЖАЕТ?#catЛайки Like
Просмотров 132 тыс.
🍏 Устарели ОФИЦИАЛЬНО! 🤡00:32🍏 Устарели ОФИЦИАЛЬНО! 🤡
🍏 Устарели ОФИЦИАЛЬНО! 🤡Яблочный Маньяк
Просмотров 24 тыс.
Ставь лайк, если нравится 8бит! Или напиши любимого бравлера в комменты 🙌🏻00:26Ставь лайк, если нравится 8бит! Или напиши любимого бравлера в комменты 🙌🏻
Ставь лайк, если нравится 8бит! Или напиши любимого бравлера в комменты 🙌🏻Оля Кекс
Просмотров 396 тыс.
Пробую запустить ОКУ с первого раза #automobile #ока #shortsvideo #short #shorts00:19Пробую запустить ОКУ с первого раза #automobile #ока #shortsvideo #short #shorts
Пробую запустить ОКУ с первого раза #automobile #ока #shortsvideo #short #shortsMegaRetr
Просмотров 13 тыс.
🚫✨ Dive into these satisfying hacks that you should NOT try at home! #DontTryThis #SatisfyingHacks00:19🚫✨ Dive into these satisfying hacks that you should NOT try at home! #DontTryThis #SatisfyingHacks
🚫✨ Dive into these satisfying hacks that you should NOT try at home! #DontTryThis #SatisfyingHacksThat Little Puff
Просмотров 502 тыс.
Вопрос Ребром - Булкин59:32Вопрос Ребром - Булкин
Вопрос Ребром - БулкинGazgolder
Просмотров 998 тыс.
ОСКАР И ДЖОНИ РАЗРУШИЛИ ПОЛ ДОМА 😨🏠01:00ОСКАР И ДЖОНИ РАЗРУШИЛИ ПОЛ ДОМА 😨🏠
ОСКАР И ДЖОНИ РАЗРУШИЛИ ПОЛ ДОМА 😨🏠HOOOTDOGS
Просмотров 161 тыс.