all InfoSec news
HackTheBox - UpDown
Jan. 21, 2023, 3 p.m. | IppSec
IppSec www.youtube.com
01:00 - Start of nmap
01:30 - Testing the webhook, examining the request the server makes
05:30 - Trying other URL Wrappers to see how the application behaves
08:10 - Finding the .git sub directory, running git-dumper to extract source code
10:55 - Finding and explaining the LFI Vulnerability
12:10 - Attempting to use the php filter to extract source code, does not work, turns out there's another website
14:00 - Discovering there is a special header …
application code directory extract filter git git-dumper hackthebox lfi lfi vulnerability nmap php request server source code start testing url vulnerability webhook website work
More from www.youtube.com / IppSec
HackTheBox - Analytics
3 weeks, 6 days ago |
www.youtube.com
HackTheBox - AppSanity
1 month, 1 week ago |
www.youtube.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Information Security Engineers
@ D. E. Shaw Research | New York City
Cyber Security Architect - SR
@ ERCOT | Taylor, TX
SOC Analyst
@ Wix | Tel Aviv, Israel
Associate Director, SIEM & Detection Engineering(remote)
@ Humana | Remote US
Senior DevSecOps Architect
@ Computacenter | Birmingham, GB, B37 7YS