secureITmania

Mar 17, 2021

3 min read

Web Application Penetration Testing

An unknown Linux secret that turned SSRF to OS Command injection

A weird approach to escalate the Server-Side Request Forgery

Thanks for huge response to my previous write-ups. Recently I have participated in a private program and I found an OS command injection. In this write-up, want share my experience, approach and the challenge I faced during the exploitation.

What is SSRF:

--

--

--

More from secureITmania

https://www.buymeacoffee.com/secureitmania |blog.secureitmania.com| twitter @secureitmania |

Love podcasts or audiobooks? Learn on the go with our new app.

Try Knowable

Recommended from Medium

Samir Boulil

Releasing @Yeee 1.2

Ivan Ozhiganov

in

Azoft

Why and How to Use a Hybrid Project Management Approach

Arjun Muraleedharan

in

Analytics Vidhya

Write your own Custom Data Generator for TensorFlow Keras

Juandalizar

Build Simply Customer Queue in A Bank Using Python

Valentine Kulikov

How to start a Django application from scratch on HostPresto!

Naman Srivastava

Python Training in Mohali

timeghost

Microsoft365’s effective project process: Plan — Realize — Evaluate

Manzar Iqbal

Directed Acyclic graphs and their usage

AboutHelpTermsPrivacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
secureITmania

secureITmania

https://www.buymeacoffee.com/secureitmania |blog.secureitmania.com| twitter @secureitmania |

More from Medium

Md. Nur Habib

SSRFire - an automated SSRF finder

Sathvika

All you need to know about HTML Injection

Abhishekgk

FILE UPLOAD RESTRICTION BYPASS

Jesse Clark

in

Techiepedia

Weakly Typed SQL Injection

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Knowable