A $7.500 BUG BOUNTY Bug explained, step by step. (BLIND XXE OOB over DNS) - REDUX
Have you ever wondered what a $7.500 Bug Bounty bug looks like?
In this "re-upload" of the original video created in 2019, I'll walk you through a theoretical "BLIND XXE OOB over DNS" bug on a super-hardened target and explain the ideas around how to exploit it.
The tool used in this video to create the initial XML/PDF payload is Tobias 'floyd' Ospelt's amazing Burp plugin "Upload Scanner". I absolutely recommend that you use it for all your file upload automation needs.
https://twitter.com/floyd_ch
https://github.com/portswigger/upload-scanner
OWASP XXE
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
Out of band entity XXE explained
https://www.acunetix.com/blog/articles/band-xml-external-entity-oob-xxe/
Burp Collaborator
https://portswigger.net/burp/documentation/collaborator
Exploiting XXE with local DTD files
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
-------------- -- --
Support my work:
Join me on Patreon! https://www.patreon.com/stokfredrik
Need a shell to hack from? Set up your own droplet today!
Get $100 credit on Digital Ocean using this link
https://m.do.co/c/5884b0601466
-------------- -- --
FAQ:
What gear do you use?
Check out https://www.stokfredrik.com
Dude, I love what you do, can we do "work stuff" together?
Sure, email me at workwith @ stokfredrik.com
Video "A $7.500 BUG BOUNTY Bug explained, step by step. (BLIND XXE OOB over DNS) - REDUX" from the STÖK channel