In this video I showcased a chain of two high-impact vulnerabilities to get code execution.
The XXE was blind and the WAF was blocking most things, so there is an interesting evasion to share.
Out of Band XML External Entity Injection + Server-side request forgery to Remote Code Execution
Video thanks to DreyAnd
DreyAnd Contact: instagram.com/dreycoding
Summary:
1. OOB identification
2. Bypassing WAF blocks by creating an external Document Type Definition (DTD) file and using a base64 filter.
3. Arbitrary file read once the previous step succeeds.
4. Read the file vulnerable to SSRF.
5. Use our XXE to point the parameter vulnerable to SSRF at our own PHP reverse shell.
6. RCE.
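Why the external DTD in step 2 gets past a keyword WAF, and the check that stops it, shown as an added defensive example that is not from the video: the request body only names a remote DTD, so the filter never sees the entity definitions, while a parser-level rule that refuses any DOCTYPE rejects the body before anything is resolved. The blocklist, function names and sample bodies are assumptions constructed for illustration.

```python
from xml.parsers import expat

# Assumed keyword blocklist, standing in for the WAF rules mentioned in step 2.
WAF_KEYWORDS = (b"file://", b"/etc/passwd", b"php://", b"expect://")


class DoctypeForbidden(ValueError):
    """Raised when a request body declares a DTD."""


def keyword_waf_allows(body: bytes) -> bool:
    """Naive filter: passes any body that avoids the listed byte strings."""
    lowered = body.lower()
    return not any(k in lowered for k in WAF_KEYWORDS)


def parse_without_dtd(body: bytes) -> list[str]:
    """Parse XML and abort at the first DOCTYPE; returns element names seen."""
    names: list[str] = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Fires before any DTD content is processed, internal or external.
        raise DoctypeForbidden(f"DOCTYPE {name!r} (system id {system_id!r})")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(body, True)
    return names


def gate_allows(body: bytes) -> bool:
    """Structural rule: accept only well-formed XML with no DOCTYPE at all."""
    try:
        parse_without_dtd(body)
        return True
    except (DoctypeForbidden, expat.ExpatError):
        return False


# Constructed sample bodies (example.invalid never resolves).
BENIGN = b'<?xml version="1.0"?><order><id>42</id></order>'
EXTERNAL_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order SYSTEM "http://dtd.example.invalid/ext.dtd">'
    b"<order><id>42</id></order>"
)
```
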
Hope you enjoy the video.