Remote Code Execution (RCE) Vulnerability | FirstBlood v2

Remote Code Execution (RCE) Vulnerability | FirstBlood v2 | Bug Bounty Service

Рет қаралды 11,307

Күн бұрын

Пікірлер: 33

@Free.Education786 Жыл бұрын

Dear Sir, Please do cover these crucial topics also. Like... How to bypass Drupal CMS How to bypass WAF protection that stops HTML, SQL, and XSS injection payloads? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc. How to bypass WAF using SQLMAP How to find hidden vulnerable parameters and endpoints inside the.js files? How to find hidden admin panels & cPanel and WHM panels. Please cover these important topics. Thanks

@martinvoelk Жыл бұрын

I will do many more videos around many topics

@Free.Education786 Жыл бұрын

@@martinvoelk Thanks 😊 Martin ✅️🤴👍✨️💉❤️🔑🫡

@TegeElleMusic Жыл бұрын

Very informative!

@martinvoelk Жыл бұрын

Glad you liked it

@wafike1 Жыл бұрын

love it ❤

@martinvoelk Жыл бұрын

Thanks

@alientec258 3 ай бұрын

nice work Sir 😀

@martinvoelk 2 ай бұрын

Thank you! Cheers!

@_ArfatFarooq 6 ай бұрын

You didn't not show how get reverse shells?? Also tell me one things what is "phar" is this command used to execute any malicious payload either RCE payload or XSS payloads in Burpsuite to get our payload executed on server? Does this "phar" command is used for that purpose to gain reverse shell directly??

@martinvoelk 4 ай бұрын

My video with reverse shells was delete by YT. Not in my control unfortunately. Here is a good write up pentest-tools.com/blog/exploit-phar-deserialization-vulnerability

@justiflower3993 Жыл бұрын

💯💯

@martinvoelk Жыл бұрын

thanks

@kooroshsanaei 5 ай бұрын

Very nice bro

@martinvoelk 4 ай бұрын

Thanks

@S2eedGH Жыл бұрын

Can I ask, where does the application read from the picture? I mean which part does the web application read from inside the picture? Exif data or what? And many thanks for great content

@martinvoelk Жыл бұрын

please dm. Not sure I understand the question

@adhurealfaz9582 Жыл бұрын

extension and meta data

@Free.Education786 Жыл бұрын

If any website allows to upload files then we can perform all types web attacks. Main game starts when we see highly secured websites on HackerOne Bugcrowd Intigrity heavily protected by hard WAF CDN IPS etc. Humble advice to all new bug hunters don't waste 😉 your time and efforts on DVWA PORTSWIGGER BWAPP labs because these labs make you believe that you can hunt bugs on real live websites which is not the case in actual situation that's why 99.99% bug hunting students quit this field. If you want to be a REAL website hacker pentester exploitation expert then must practice on real live websites. Thanks 🎉❤

@martinvoelk Жыл бұрын

Very true. But at the same time you still can find a lot of upload flaws on real websites participating in bug bounty programs (particularly SMB companies). Especially the content type not checked or the extension obfuscation are quite common still. For new hunters focusing on access control, IDOR and business logic is probably the quickest way to make some success.

@aquiles973 5 ай бұрын

try.

@__pain__05 Жыл бұрын

Can u teach me how to download burp pro in mac

@martinvoelk Жыл бұрын

Portswigger has a step by step how to on their website explaining in great detail

@0ky4nus Жыл бұрын

Why did you choose monologue?

@martinvoelk Жыл бұрын

based on recon of the app.

@ohammadhoseinmohammadi5668 11 ай бұрын

Hello sir can i have the picture ، can you upload it on mega or some other website and give me the link to download also Thx for the video

@martinvoelk 11 ай бұрын

It totally depends on the version. There is no one fits all. I suggest googling for the version or simply follow the steps in the video. However as said, it won't work in other versions.