Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us updated with a comprehensive list of all the write-ups, tools, tutorials and resources we should not have missed. This issue covers the week from 13 to 20 of September.

1. This tutorial explains how to find IDORs that are less obvious than just incrementing an ID. The techniques mentioned can be very helpful, especially in the context of bug bounty. Some of them are testing encoded & hashed IDs, adding an ID to the request even if the app didn't ask for it, changing the request method, etc. Also, IDOR and self-XSS combined can lead to stored XSS, increasing the impact of the IDOR.

2. Race Condition that could Result to RCE – (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon

Tomi and a co-author teamed up and found a whole bunch of bugs on a private program. They share multiple write-ups that each explain different bugs. This one is interesting because of the weird race condition. They couldn't find any flaws in the main file upload functionality, but the file edit functionality allowed them to change already uploaded files to any extension (including PHP!). Nice way to get unrestricted file upload… And here is the weird part: for some reason, the request that modified the uploaded file was vulnerable to a race condition. So they could upload web shells, but didn't get RCE because uploaded files were moved to AWS after 2 seconds! By sending multiple requests, the server returned the file's location (before it was moved to AWS). So in the short window where the file was still on the server, they got a reverse shell by requesting the file in a browser. Not sure why this is happening, but it's interesting to see a race condition help get RCE via file upload!

3. Tracy

Most tools that help with XSS detection are limited because they rely on server response reflection. Tracy tries to go further by helping you identify sources of input and their corresponding outputs (or sinks). You can trace risky input throughout the DOM, even in apps that use a lot of JavaScript. This helps detect harder-to-find XSS types like DOM XSS. The only other tool I've seen efficiently help with this was DOMinator Pro, but it was commercial and I can't find it online anymore. So it is awesome to have a free open source alternative!

4.