Sau Write-up
System Weakness - Medium systemweakness.com
A basket full of SSRF and RCE
INTRODUCTION
Sau is a simple machine on hackthebox.com. It’s a Linux machine that features a Request Baskets instance vulnerable to Server-Side Request Forgery (SSRF) via CVE-2023-27163. Leveraging the vulnerability, we gain access to a Maltrail instance that is vulnerable to Unauthenticated OS Command Injection, which allows us to gain a reverse shell on the machine as the puma user. A sudo misconfiguration is then exploited to gain …