Directory Traversal - Lab #5 File path traversal, validation of start of path | Long Version

In this video, we cover Lab #5 in the Directory Traversal Vulnerabilities module of the Web Security Academy. This lab contains a file path traversal vulnerability in the display of product images. The application transmits the full file path via a request parameter, and validates that the supplied path starts with the expected folder. To solve the lab, we retrieve the contents of the /etc/passwd file.

▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: https://academy.ranakhalil.com/p/web-security-academy-video-series

▬ 📚 Contents of this video 📚 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:13 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:24 - Navigation to the exercise
01:59 - Understand the exercise and make notes about what is required to solve it
02:30 - Exploit the lab
04:56 - Script the exploit in Python
11:26 - Summary
11:38 - Thank You

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/directory-traversal/lab-05/notes.txt
Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/directory-traversal/lab-05/directory-traversal-lab-05.py
Web Security Academy Exercise Link: https://portswigger.net/web-security/file-path-traversal/lab-validate-start-of-path
Rana's Twitter account: https://twitter.com/rana__khalil

Видео Directory Traversal - Lab #5 File path traversal, validation of start of path | Long Version канала Rana Khalil

security web security owasp open web application security project portswigger web security academy python offensive security bug bounty scripting burp burp suite oswe offensive security web expert directory traversal black-box penetration testing white box pentesting peneration testing pentesting

Комментарии отсутствуют

Информация о видео

10 июня 2023 г. 22:00:22

00:11:55

Rana Khalil

Теги

Правообладателям

Жалоба на материал Недопустимый материал Нарушение авторских прав

Комментарии

Другие видео канала

Directory Traversal - Lab #5 File path traversal, validation of start of path | Long Version

Authentication Vulnerabilities - Lab #12 Password brute-force via password change | Short Version

Business Logic Vulnerabilities - Lab #7 Weak isolation on dual-use endpoint | Long Version

Business Logic Vulnerabilities - Lab #5 Low Level Logic Flaw | Short Video

Business Logic Vulnerabilities - Lab #6 Inconsistent handling of exceptional input | Short Video

Business Logic Vulnerabilities - Lab #4 Flawed enforcement of business rule | Short Version

Business Logic Vulnerabilities - Lab #7 Weak isolation on dual-use endpoint | Short Version

CORS - Lab #4 CORS vulnerability with internal network pivot attack | Long Video

Broken Access Control - Lab #2 Unprotected admin functionality with unpredictable URL | Long Version

Authentication Vulnerabilities - Lab #9 Brute-forcing a stay-logged-in cookie | Long Version

SQL Injection - Lab #13 Blind SQL injection with time delays

Broken Access Control - Lab #7 User ID controlled by request parameter | Long Version

Business Logic Vulnerabilities - Lab #4 Flawed enforcement of business rule | Long Version

Directory Traversal - Lab #4 Path traversal sequences stripped w/ URL-decode | Long Version

Authentication Vulnerabilities - Lab #13 Broken brute-force protection | Short Version

Broken Access Control - Lab #10 User ID controlled by param with password disclosure | Long Version

CSRF - Lab #7 CSRF where Referer validation depends on header being present | Short Version

Business Logic Vulnerabilities - Lab #8 Insufficient workflow validation | Long Version

Broken Access Control - Lab #3 User role controlled by request parameter | Long Version

Authentication Vulnerabilities - Lab #10 Offline password cracking | Long Version

Authentication Vulnerabilities - Lab #12 Password brute-force via password change | Long Version