Web Application Penetration Testing
An unknown Linux secret that turned SSRF to OS Command injection
A weird approach to escalate the Server-Side Request Forgery
Thanks for huge response to my previous write-ups. Recently I have participated in a private program and I found an OS command injection. In this write-up, want share my experience, approach and the challenge I faced during the exploitation.