Remote Code Execution (RCE) Vulnerability | FirstBlood v2 | Bug Bounty Service

Поделиться
HTML-код
  • Опубликовано: 4 дек 2024

Комментарии • 33

  • @Free.Education786
    @Free.Education786 Год назад +5

    Dear Sir,
    Please do cover these crucial topics also. Like...
    How to bypass Drupal CMS
    How to bypass WAF protection that stops HTML, SQL, and XSS injection payloads? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc. How to bypass WAF using SQLMAP How to find hidden vulnerable parameters and endpoints inside the.js files? How to find hidden admin panels & cPanel and WHM panels. Please cover these important topics. Thanks

    • @martinvoelk
      @martinvoelk  Год назад

      I will do many more videos around many topics

    • @Free.Education786
      @Free.Education786 Год назад

      @@martinvoelk Thanks 😊 Martin ✅️🤴👍✨️💉❤️🔑🫡

  • @_ArfatFarooq
    @_ArfatFarooq 8 месяцев назад +1

    You didn't not show how get reverse shells?? Also tell me one things what is "phar" is this command used to execute any malicious payload either RCE payload or XSS payloads in Burpsuite to get our payload executed on server? Does this "phar" command is used for that purpose to gain reverse shell directly??

    • @martinvoelk
      @martinvoelk  7 месяцев назад

      My video with reverse shells was delete by YT. Not in my control unfortunately.
      Here is a good write up
      pentest-tools.com/blog/exploit-phar-deserialization-vulnerability

  • @S2eedGH
    @S2eedGH Год назад +1

    Can I ask, where does the application read from the picture? I mean which part does the web application read from inside the picture? Exif data or what? And many thanks for great content

  • @alientec258
    @alientec258 5 месяцев назад

    nice work Sir 😀

  • @wafike1
    @wafike1 Год назад +1

    love it ❤

  • @Free.Education786
    @Free.Education786 Год назад +4

    If any website allows to upload files then we can perform all types web attacks. Main game starts when we see highly secured websites on HackerOne Bugcrowd Intigrity heavily protected by hard WAF CDN IPS etc. Humble advice to all new bug hunters don't waste 😉 your time and efforts on DVWA PORTSWIGGER BWAPP labs because these labs make you believe that you can hunt bugs on real live websites which is not the case in actual situation that's why 99.99% bug hunting students quit this field. If you want to be a REAL website hacker pentester exploitation expert then must practice on real live websites. Thanks 🎉❤

    • @martinvoelk
      @martinvoelk  Год назад +1

      Very true. But at the same time you still can find a lot of upload flaws on real websites participating in bug bounty programs (particularly SMB companies). Especially the content type not checked or the extension obfuscation are quite common still. For new hunters focusing on access control, IDOR and business logic is probably the quickest way to make some success.

    • @aquiles973
      @aquiles973 7 месяцев назад +1

      try.

  • @TegeElleMusic
    @TegeElleMusic Год назад +2

    Very informative!

  • @__pain__05
    @__pain__05 Год назад +1

    Can u teach me how to download burp pro in mac

    • @martinvoelk
      @martinvoelk  Год назад +1

      Portswigger has a step by step how to on their website explaining in great detail

  • @0ky4nus
    @0ky4nus Год назад

    Why did you choose monologue?

  • @justiflower3993
    @justiflower3993 Год назад +1

    💯💯

  • @kooroshsanaei
    @kooroshsanaei 7 месяцев назад

    Very nice bro

  • @adityaraj1415
    @adityaraj1415 Год назад

    whats monolog/rce2?

    • @martinvoelk
      @martinvoelk  Год назад

      it's a gadget chain.
      phpggc -l monolog
      Gadget Chains
      -------------
      NAME VERSION TYPE VECTOR I
      Monolog/RCE1 1.4.1

  • @devanshchauhan6977
    @devanshchauhan6977 Год назад +1

    Can you share the jpg file

    • @martinvoelk
      @martinvoelk  Год назад

      I will provide a GitHub repo in the future

  • @ohammadhoseinmohammadi5668
    @ohammadhoseinmohammadi5668 Год назад

    Hello sir can i have the picture ، can you upload it on mega or some other website and give me the link to download also Thx for the video

    • @martinvoelk
      @martinvoelk  Год назад

      It totally depends on the version. There is no one fits all. I suggest googling for the version or simply follow the steps in the video. However as said, it won't work in other versions.

  • @ReligionAndMaterialismDebunked
    @ReligionAndMaterialismDebunked Год назад +2

    That toolbar at the bottom. 💀💀💀💀