Showing posts from September, 2017

Exploiting a Single Request for Multiple Vulnerabilities

Hello everyone, this is my first blog post. It's about multiple security vulnerabilities found from a single request on a private program recently. The vulnerabilities found are simple Stored and Reflected XSS, SSRF and Command Injection. But since I have never written any PoCs before, I just wanted to write about this one.

So let's call the website privatesite.com.

After login, the first thing I saw was a feature to upload images. So I started testing the uploader functionality, like directly uploading PHP, SWF, SVG, etc., but nothing worked, as the uploader looked secure from my end. Then I noticed there is a feature to crop the image, and the POST request of this feature looked kind of interesting.

1. SSRF

There was a parameter http_path which had the image URL, so I fired up a socket listening to a port on my server, and in that http_path parameter I put my server's IP and port, and the socket received the connection. So an external SSRF was confirme
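On the defensive side, the SSRF described above goes away when the server validates http_path before fetching it. The following is an added example, not code from the original post or from the affected site: the function names, the web-ports-only policy and the sample DNS table are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_PORTS = {"http": {80}, "https": {443}}  # assumed policy: web ports only


def resolve_all(host):
    """Default resolver: every address the name maps to (performs DNS)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_image_url(url, resolver=resolve_all):
    """Return (ok, reason) for a user-supplied http_path value."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_PORTS:
        return False, "scheme not allowed"
    if parts.username or parts.password or not parts.hostname:
        return False, "bad authority"
    if port is not None and port not in ALLOWED_PORTS[parts.scheme]:
        return False, "port not allowed"
    try:
        addresses = resolver(parts.hostname)
    except (OSError, UnicodeError):
        return False, "host does not resolve"
    if not addresses:
        return False, "host does not resolve"
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False, "unparseable address"
        # Rejects loopback, RFC 1918, link-local (cloud metadata) and similar.
        if not ip.is_global:
            return False, "non-public address"
    return True, "ok"


# Constructed name-to-address table so the example runs without DNS.
SAMPLE_DNS = {
    "img.example.com": {"93.184.216.34"},
    "intranet.example.com": {"10.0.0.5"},
    "mixed.example.com": {"93.184.216.34", "127.0.0.1"},
}


def sample_resolver(host):
    """Constructed resolver backed by SAMPLE_DNS; unknown names fail."""
    if host not in SAMPLE_DNS:
        raise OSError("no such host")
    return SAMPLE_DNS[host]
```

The fetch that follows should connect to one of the addresses that passed this check rather than resolving the name again, and every redirect target needs the same check before it is followed.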