Troubleshooting failed RCE Payloads by Debugging Python Web Applications - Noter Beyond Root

Name: Troubleshooting failed RCE Payloads by Debugging Python Web Applications - Noter Beyond Root
Uploaded: 2022-09-06T13:10:32Z
Channel: IppSec
Description: 00:00 - Intro 00:45 - Copying the webapp from the server to my local box 02:55 - Intalling the required modules to run the pip modules and running the w...

IppSec · Beginner ·📊 Data Analytics & Business Intelligence ·3y ago

00:00 - Intro 00:45 - Copying the webapp from the server to my local box 02:55 - Intalling the required modules to run the pip modules and running the website locally 03:30 - Using SSH Port forwarding to forward MySQL, so we don't have to setup a database 04:30 - Changing localhost in the web code to 127.0.0.1 which magically fixes an issue we had connecting to the database 05:20 - Getting an administrative login, registering a new user and then updating their role 07:45 - Running Visual Studio Code which gives us a nice debugger 09:20 - Creating a test payload and seeing why it fails 10:50 - …

Watch on YouTube ↗ (saves to browser)

Chapters (11)

Intro

0:45 Copying the webapp from the server to my local box

2:55 Intalling the required modules to run the pip modules and running the website

3:30 Using SSH Port forwarding to forward MySQL, so we don't have to setup a databa

4:30 Changing localhost in the web code to 127.0.0.1 which magically fixes an issue

5:20 Getting an administrative login, registering a new user and then updating thei

7:45 Running Visual Studio Code which gives us a nice debugger

9:20 Creating a test payload and seeing why it fails

10:50 Going over what $'' is and why it prevented our command execution if we didn't

12:40 When sending over the single quote, it is html encoded. Editing variables in t

14:20 Intercepting the request in BurpSuite and discovering the HTML Encoding is don

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →