@batman786 said:
Is the submit form vulnerable or not?? The 1st parameter checks for a regex name match and the 2nd parameter … tried many injection techniques … can’t verify if it’s vulnerable or not … any hints pls…))
Enumerate more and then revisit the form. You’ll see the light and understand how to check it
It’s CouchDB, right… It’s kinda hard to exploit…))
Use a very popular tool to enumerate the server again…more thoroughly
I can’t believe it took me so long to get user.txt after initial foothold. I had access to the right place, but overlooked a crucial and glaring repository of information that was staring me in the face! Don’t overlook things just because you’re looking for an RCE exploit! You might miss something important. Finally got user!
Back at this after a week of taking a break. I could recreate the page locally, I can see the history and what seems to be a vulnerable URL. I can get it to do the ‘correct’ thing but I am stuck on that.
Out of ideas how to gain a foothold/get a shell - any hints on PM would be appreciated, don’t spoon feed me if you do, just a nudge. Google thinks I’m an automated bot for the amount of searches I’ve done today…
Can’t really understand how I’m supposed to get something to run when it can’t find imports, can’t import by filename and it can’t find things to do eval as it can’t find that either… hopefully that’s not a spoiler for someone, it could just be that I’m doing it wrong.
Hint to anyone lurking here who is getting odd results when trying to do the business on the requests… read the comments around dos2unix and the python library for sending requests etc… d’oh!
Hi there, enumerated this machine and found the 2 services. Also tried to find a vuln in the webapp while going for the s****t form. No success trying to attach the C*****B. Could someone please give me a hint via pm?
@dodo said:
Hi! I’ve some problems using python requests to exploit the initial RCE:
using the same exploit works locally but when sending the payload to the server I get error 500.
I’ve also added the header application/x-www-form-urlencoded to the POST.
I need to add something as header?
In exactly the same spot. Would love a nudge on the payload for RCE. Can post and check the result based on the hash. If the *1 string is not found I get a good 200 back with the string; if it is found it’s 500 each time, but works locally.
No need to add headers… just make a script to automate all the required jobs…