ADVANCED BUG BOUNTY TUTORIAL: BUSINESS LOGIC VULNERABILITY | 2023

Views: 5,281

BePractical


days ago

Comments: 27
@mnageh-bo1mm 1 year ago
But why would the server accept the link from you? I mean, it already has it.
@BePracticalTech 1 year ago
Thanks for asking this question. Let's try to understand from the developer's perspective. Many times the file will get uploaded to third-party services (like S3 buckets etc.). Suppose the user wants to re-upload the file. In this case the file needs to be uploaded to the server again and the new link needs to be stored again. To speed up this process, many times developers fetch the link on the client side so that if they want to re-upload the file, they can just modify the data on the client side rather than editing the data in the DB. Once the client is done with their file upload, they can finally click on the submit button and then the final link will be uploaded to the database. Hope you understand.
@mnageh-bo1mm 1 year ago
@@BePracticalTech thx, I got it, even though that seems untypical behavior
@BePracticalTech 1 year ago
Glad you understand! I think every vulnerability is an untypical behavior. 😉
@robinhood3001 1 year ago
That's awesome... Please make a tutorial on how to bypass the admin WordPress panel
@srikanth4326 1 year ago
Very well explained
@H3xOv3rflow 1 year ago
Thanks brother ❤
@BePracticalTech 1 year ago
You're welcome
@oye_ahmad1657 1 year ago
Bro, make videos on how to find low-hanging fruit using Burp Suite 🙏🏻🙏🏻🙏🏻 Manual testing....
@BePracticalTech 1 year ago
Sure! Will keep this topic in mind
@apple_00 1 year ago
Thank you ❤
@BePracticalTech 1 year ago
Glad you liked the video!
@imran_hossain123 1 year ago
Great bro
@BePracticalTech 1 year ago
Thank you!
@joy3658 1 year ago
So, if I upload a malicious JPG file to the web application, then the server cannot validate it, right? Like an attacker using a JPG to exploit or something malicious like that (a cmd command in a PNG image). Then it can be a bug? So, in any application where there is an upload feature and the server doesn't validate the input file, it can be a bug?
@joy3658 1 year ago
But what would the scenario or response be like if the server was validating that?
@BePracticalTech 1 year ago
Please read the pinned comment to understand.
@orbitxyz7867 1 year ago
Thanks bro. Next video on the CVE you found
@BePracticalTech 1 year ago
Sure!
@r3plican 1 year ago
Is it the same as a redirect vuln?
@BePracticalTech 1 year ago
Yes, it is kind of similar to open redirection
@imtiajarefin 1 year ago
🎉🎉
@BePracticalTech 1 year ago
Thank you!
@whateveritis0 1 year ago
Hi, I've been watching your videos from the start and learned a lot. Now can you do a video on where we have to look for a particular bug? For example, what are the bugs we can look for in registration, and what are the possible parameters for particular bugs 🫶🏻
@uniq6318 10 months ago
@canigetyournumber-v6e 3 months ago
Bro, make these in Hindi; they will do better