Web Application Penetration Testing

An unknown Linux secret that turned SSRF to OS Command injection

A weird approach to escalate the Server-Side Request Forgery

Thanks for the huge response to my previous write-ups. Recently I participated in a private program and found an OS command injection. In this write-up, I want to share my experience, my approach, and the challenges I faced during exploitation.

What is SSRF:


https://www.buymeacoffee.com/secureitmania | blog.secureitmania.com | twitter @secureitmania

secureITmania