Videos A $7.500 BUG Bounty Bug explained, step by step. (BLIND XXE OOB over DNS)

Published on March 31st, 2019 📆 | 1848 Views ⚑

0

A $7.500 BUG Bounty Bug explained, step by step. (BLIND XXE OOB over DNS)


https://www.ispeech.org


Have you ever wondered what a $7.500 Bug Bounty bug looks like?
In this vlog il walk you through a BLIND XXE OOB over DNS bug on a super hardened target and teach you how to exploit it.

The tool used in this video to create the initial XML/PDF payload is @floyd_ch's amazing file upload scanner, use it for you automation needs.
https://twitter.com/floyd_ch
https://github.com/portswigger/upload-scanner

Other useful links:
Bug Bounty Notes
https://www.bugbountynotes.com/

Owasp XXE
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

Out of band entity XXE explained
https://www.acunetix.com/blog/articles/band-xml-external-entity-oob-xxe/





Burp collaborator
https://portswigger.net/burp/documentation/collaborator

Exploiting XXE with local DTD files
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/

ps. all music is licensed from epidemic sound, and the REDACTED target is on non disclosure, so this is as good as it gets.. .ds

source

Tagged with:



0 Responses to A $7.500 BUG Bounty Bug explained, step by step. (BLIND XXE OOB over DNS)






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑