Published on March 31st, 2019
A $7.500 BUG Bounty Bug explained, step by step. (BLIND XXE OOB over DNS)
Have you ever wondered what a $7.500 Bug Bounty bug looks like?
In this vlog I'll walk you through a BLIND XXE OOB over DNS bug on a super hardened target and teach you how to exploit it.
The tool used in this video to create the initial XML/PDF payload is @floyd_ch's amazing file upload scanner; use it for your automation needs.
https://twitter.com/floyd_ch
https://github.com/portswigger/upload-scanner
Other useful links:
Bug Bounty Notes
https://www.bugbountynotes.com/
OWASP XXE
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
Out of band entity XXE explained
https://www.acunetix.com/blog/articles/band-xml-external-entity-oob-xxe/
Burp Collaborator
https://portswigger.net/burp/documentation/collaborator
Exploiting XXE with local DTD files
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
PS: all music is licensed from Epidemic Sound, and the REDACTED target is under non-disclosure, so this is as good as it gets. .ds