all InfoSec news
HackTheBox - Inject
July 8, 2023, 3 p.m. | IppSec
IppSec www.youtube.com
00:58 - Start of nmap
01:45 - Trying to identify the technology running the webapp, 404 page reveals it is likely tomcat
03:00 - Running Gobuster, then checking out the page
04:00 - Uploading an image and discovering an file disclosure vulnerability
05:15 - Talking about how File Disclosures in Java can reveal directory listings, and grabbing pom.xml
07:45 - Using Snyk to identify vulnerabilities, but first we have to install Maven
10:45 - Exploiting CVE-2022-22963 Manually …
directory disclosure disclosures file gobuster hackthebox identify image inject introduction java nmap page running start talking technology tomcat vulnerability webapp
More from www.youtube.com / IppSec
HackTheBox - Analytics
1 month, 1 week ago |
www.youtube.com
HackTheBox - Manager
1 month, 2 weeks ago |
www.youtube.com
HackTheBox - AppSanity
1 month, 3 weeks ago |
www.youtube.com
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Security Engineer II- Full stack Java with React
@ JPMorgan Chase & Co. | Hyderabad, Telangana, India
Cybersecurity SecOps
@ GFT Technologies | Mexico City, MX, 11850
Senior Information Security Advisor
@ Sun Life | Sun Life Toronto One York
Contract Special Security Officer (CSSO) - Top Secret Clearance
@ SpaceX | Hawthorne, CA
Early Career Cyber Security Operations Center (SOC) Analyst
@ State Street | Quincy, Massachusetts