A $7.500 BUG BOUNTY Bug explained, step by step. (BLIND XXE OOB over DNS) - REDUX
Have you ever wondered what a $7.500 Bug Bounty bug looks like?
In this "re-upload" of the original video created in 2019, il walk you through a theoretical "BLIND XXE OOB over DNS" bug on a super-hardened target and explain the ideas around how to exploit it.
The tool used in this video to create the initial XML/PDF payload is Tobias 'floyd' Ospelt amazing burp plugin "Upload Scanner" I absolutely recommend that you use it for all your file upload automation needs.
https://twitter.com/floyd_ch
https://github.com/portswigger/upload-scanner
Owasp XXE
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
Out of band entity XXE explained
https://www.acunetix.com/blog/articles/band-xml-external-entity-oob-xxe/
Burp collaborator
https://portswigger.net/burp/documentation/collaborator
Exploiting XXE with local DTD files
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
-------------- -- --
Support my work:
Join me on Patreon! https://www.patreon.com/stokfredrik
Need a shell to hack from? setup your own droplet today!
Get $100 credit on Digital Ocean using this link
https://m.do.co/c/5884b0601466
-------------- -- --
FAQ:
What gear do you use? :
Check out https://www.stokfredrik.com
Dude, I love what you do can we do "work stuff" together?
Sure, Email me at workwith @ stokfredrik.com
Видео A $7.500 BUG BOUNTY Bug explained, step by step. (BLIND XXE OOB over DNS) - REDUX канала STÖK
In this "re-upload" of the original video created in 2019, il walk you through a theoretical "BLIND XXE OOB over DNS" bug on a super-hardened target and explain the ideas around how to exploit it.
The tool used in this video to create the initial XML/PDF payload is Tobias 'floyd' Ospelt amazing burp plugin "Upload Scanner" I absolutely recommend that you use it for all your file upload automation needs.
https://twitter.com/floyd_ch
https://github.com/portswigger/upload-scanner
Owasp XXE
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
Out of band entity XXE explained
https://www.acunetix.com/blog/articles/band-xml-external-entity-oob-xxe/
Burp collaborator
https://portswigger.net/burp/documentation/collaborator
Exploiting XXE with local DTD files
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
-------------- -- --
Support my work:
Join me on Patreon! https://www.patreon.com/stokfredrik
Need a shell to hack from? setup your own droplet today!
Get $100 credit on Digital Ocean using this link
https://m.do.co/c/5884b0601466
-------------- -- --
FAQ:
What gear do you use? :
Check out https://www.stokfredrik.com
Dude, I love what you do can we do "work stuff" together?
Sure, Email me at workwith @ stokfredrik.com
Видео A $7.500 BUG BOUNTY Bug explained, step by step. (BLIND XXE OOB over DNS) - REDUX канала STÖK
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
The Million-Dollar Hacker
HOW TO GET STARTED IN BUG BOUNTY (9x PRO TIPS)
HOW TO APPROACH A NEW BOUNTY TARGET? 5 THINGS YOU MUST TEST FOR!
Burpsuite Basics (FREE Community Edition)
Finally! HOW TO solve the INTIGRITI Easter XSS challenge using only Chrome DEVTOOLS!
VIM tutorial: linux terminal tools for bug bounty pentest and redteams with @tomnomnom
XML External Entity Injection
How to Crush Bug Bounties in the first 12 Months
Bounty Thursdays #25 - Will AI really destroy the cyber security industry? find out now!
Hacker101 - JavaScript for Hackers (Created by @STÖK)
Mental Hacking 4 Better Bounties (or How 2 Learn Cool Stuff)
XML External Entities (XXE) Explained
How i became a HackerOne MVH without writing a single line of python (Motivational talk)
How I Made $100,000 in a Month
Bugcrowd University - Cross Site Scripting (XSS)
Former NSA hacker: top skills, jobs and hacking in 2021
OMG! I made $20k in one day! (BUG BOUNTY LIFE)
How to Be an Ethical Hacker in 2021
Bug Bounty (how to make money HACKING!!) // ft. STÖK
HackerOne Hacker Interviews: Andre Baptista (@0xacb)