Discover and read the best of Twitter Threads about #WAPT
Most recents (2)
Want to find RCE on Web Applications? 🚀
Here are some ways to escalate or direct RCEs in Bug Bounties
A thread🧵
#bugbounty #bugbounties #wapt #rce #zeroday
Here are some ways to escalate or direct RCEs in Bug Bounties
A thread🧵
#bugbounty #bugbounties #wapt #rce #zeroday
1. LFI with Log Poisoning :
➼ Apache Log: hackingarticles.in/apache-log-poi…
➼ SSH Log:hackingarticles.in/rce-with-lfi-a…
➼ SMTP Log:liberty-shell.com/sec/2018/05/19…
➼ FTP Log: secnhack.in/ftp-log-poison…
(2/n)
➼ Apache Log: hackingarticles.in/apache-log-poi…
➼ SSH Log:hackingarticles.in/rce-with-lfi-a…
➼ SMTP Log:liberty-shell.com/sec/2018/05/19…
➼ FTP Log: secnhack.in/ftp-log-poison…
(2/n)
2. Via File Upload :
âž¼ Upload .php reverse shell
âž¼ If not, Bypass Restrictions :
(a) Double Extension
(b) Random Upper & Lower Case Names
(c) Changing Mime Type
(d) Null Byte
(e) Magic Byte
âž¼ If image allowed, use ExifTool and add PHP reverse shell in comment metadata
(3/n)
âž¼ Upload .php reverse shell
âž¼ If not, Bypass Restrictions :
(a) Double Extension
(b) Random Upper & Lower Case Names
(c) Changing Mime Type
(d) Null Byte
(e) Magic Byte
âž¼ If image allowed, use ExifTool and add PHP reverse shell in comment metadata
(3/n)
@TRANQUIL_IT dans un contexte multi-ad sans liens d'approbations + postes hors domaines, comment se passe l'intégration de #WAPT ? @K3nnyfr #fautsoccuper
2 - La doc officielle parte d'installer #systemd mais pas la doc @_ComputerZ dans son article #Debian10 donc nécessaire ou pas ?
3 - Si on veut passer de #Community à #Entreprise par la suite, galère ou pas ?
