Hacking Websites by Uploading files (With symlinks)
In this video, I show you how symlinks can be used to read arbitrary files on a web server.
DISCLAIMER: This video is intended only for educational purposes.
The experiments in this video are performed in a controlled
lab setup and not on a live target. The content is purely
from a penetration testing perspective. I do not
condone or encourage any illegal activities.
The web application in the video supports a file upload functionality where users can upload zip files. When we create a zip file that has a symlink in it which is pointing to an arbitrary file on the server, we are able to read the file pointed by the symlink. In this way we can read any file on the server which can be read by the web server user account (www-data). This can be used to read sensitive files like private keys, bash history, and even apache configuration files. We can leverage this vulnerability to read environment variables that the website is using and find interesting information like Database credentials, tokens, secret strings which we can further use to gain access to various services like ftp, ssh, database, etc.
These kinds of vulnerabilities with symlinks have been exploited many times in the wild. One of the finest example is this GitLab vulnerability where the researcher received a $29,000 bug bounty: https://hackerone.com/reports/1439593
Thanks for watching!
SUBSCRIBE for more videos!
Join my Discord: https://discord.gg/6TjBzgt
Follow me on Instagram: https://instagram.com/teja.techraj
Website: https://techraj156.com
Blog: https://blog.techraj156.com
Видео Hacking Websites by Uploading files (With symlinks) канала Tech Raj
DISCLAIMER: This video is intended only for educational purposes.
The experiments in this video are performed in a controlled
lab setup and not on a live target. The content is purely
from a penetration testing perspective. I do not
condone or encourage any illegal activities.
The web application in the video supports a file upload functionality where users can upload zip files. When we create a zip file that has a symlink in it which is pointing to an arbitrary file on the server, we are able to read the file pointed by the symlink. In this way we can read any file on the server which can be read by the web server user account (www-data). This can be used to read sensitive files like private keys, bash history, and even apache configuration files. We can leverage this vulnerability to read environment variables that the website is using and find interesting information like Database credentials, tokens, secret strings which we can further use to gain access to various services like ftp, ssh, database, etc.
These kinds of vulnerabilities with symlinks have been exploited many times in the wild. One of the finest example is this GitLab vulnerability where the researcher received a $29,000 bug bounty: https://hackerone.com/reports/1439593
Thanks for watching!
SUBSCRIBE for more videos!
Join my Discord: https://discord.gg/6TjBzgt
Follow me on Instagram: https://instagram.com/teja.techraj
Website: https://techraj156.com
Blog: https://blog.techraj156.com
Видео Hacking Websites by Uploading files (With symlinks) канала Tech Raj
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
PFB #10 - Type Conversion in Java
PFB #14 - Command Line Input in Java
PFB #23 - Conditional Statements in Java![How to prevent Autolikers from using your Facebook Account[2015]](https://i.ytimg.com/vi/M8Tsw9FNWo8/default.jpg)
How to prevent Autolikers from using your Facebook Account[2015]
PFB #22 - Logical and Comparison Operators in Python
PFB #13 - Arithmetic Operators in Python
PFB #20 - Logical and Comparison Operators
4 Simple Ways To Remove the Background Of An Image![How to Compress the Size of a Video File Without Loosing Its Quality [HandBrake] - 2016](https://i.ytimg.com/vi/GJXH-aEZhWQ/default.jpg)
How to Compress the Size of a Video File Without Loosing Its Quality [HandBrake] - 2016
Create a Browser-based Hacking Lab for Pentesting (ParrotOS)
How to Take Over a Website with Command Injection | HTB Photobomb
Let's chat! | Coding Python Password Manager later..
OSINT with Maltego - Leaking Confidential Information!
The only video you need to understand Bitcoin
How to setup a C&C server with Metasploit like a Hacker!
How to actually make your Python code run faster?
How to stay Anonymous on the Internet with Tails! (How Hackers do it!)
An IDOR Vulnerability on INSTAGRAM! 49500$ Rewarded!
Convert your Website into a Mobile App without Coding!![Can you know when someone opened your Email? [Experiment]](https://i.ytimg.com/vi/NtVIslru8fo/default.jpg)
Can you know when someone opened your Email? [Experiment]