Bug Bounty | $1870 for blind command injection
In this video, I'll walk you through a blind command injection that I was able to exploit using CRLF injection and a captcha automation or bypass. we will dive deep into what is CRLF injection and how to test for it. enjoy.
/----- social -----/
/ leetcipher
Timestamps:
0:00 Lab overview
0:16 Setting up the lab
0:30 Reconnaissance
2:15 Using python to automate the captcha and fuzz for parameters
5:25 Testing for CRLF injection
5:49 Explaining CRLF injection
6:31 Identifying blind command injection
7:07 Explaining our exploit in python
7:45 Running the exploit and exfiltrating the output of the id command
8:39 Support me
9:09 Outro
Lab:
[ + ] https://github.com/leetCipher/bug-bou...
Patreon:
[ ❤ ] / leetcipher
NCS:
[ 🎵 ] • Unison - Aperture | Progressive House...
