1
00:00:00,140 --> 00:00:06,060
Today we want to see what file upload vulnerability is. File upload vulnerability is very important when it comes

2
00:00:06,060 --> 00:00:14,340
to a security official finding the problem with these applications, and in many ways this vulnerability depends

3
00:00:14,340 --> 00:00:19,860
entirely on its purpose. It allows an attacker to upload a file hiding malicious code inside that can then

4
00:00:19,860 --> 00:00:28,370
be executed on the server, and they are able to put a script into the website or deface the website on that machine

5
00:00:28,650 --> 00:00:30,540
and turn this over to others.

6
00:00:30,540 --> 00:00:35,060
And some access to sensitive data might be obtained by unauthorized people.

7
00:00:35,370 --> 00:00:44,490
And if the page allows users to upload an image, then it has to do some coding and check if the last

8
00:00:44,490 --> 00:00:52,260
characters of the file name are .jpg or .png before allowing the image to get uploaded.

9
00:00:53,130 --> 00:00:56,000
So this is how this

10
00:00:58,680 --> 00:01:01,690
file upload vulnerability will be on a particular website, and how to exploit it.

11
00:01:01,920 --> 00:01:04,320
So let's see here in our virtual machine.

12
00:01:04,320 --> 00:01:06,240
So let's get to the upload section.

13
00:01:07,940 --> 00:01:10,970
So as you can see, this website allows us to upload something.

14
00:01:12,150 --> 00:01:20,800
Let's go to the browser, and I'm going to upload this photo and just upload, so as you can see here.

15
00:01:22,550 --> 00:01:29,850
So this is the path where this file is uploaded, so let's see, it is uploaded on the server, on our server,

16
00:01:29,900 --> 00:01:32,270
now just copying this.

17
00:01:34,240 --> 00:01:40,700
Copying this link, it is pasted here, press enter, as you can see, it is uploaded on the server back

18
00:01:40,720 --> 00:01:40,950
here.

19
00:01:41,620 --> 00:01:50,020
So as you can see here, in the code, there is no filter here.
20
00:01:50,060 --> 00:01:51,690
OK, so you can upload anything.

21
00:01:51,700 --> 00:02:00,610
So I'm going to upload a shell, a PHP shell, to show how you can upload a PHP shell, so let's create a shell.

22
00:02:00,790 --> 00:02:07,990
So I'm going to use a tool, weevely, so let's see how it works. This is weevely, and I will show you

23
00:02:07,990 --> 00:02:10,450
how you can make use of this tool.

24
00:02:11,140 --> 00:02:20,050
As you can see, in the terminal, if you want to generate a new agent, that is a new file, then you should

25
00:02:20,050 --> 00:02:20,470
use this

26
00:02:20,470 --> 00:02:27,560
command. Let's try this on weevely.

27
00:02:27,850 --> 00:02:28,300
OK,

28
00:02:31,630 --> 00:02:36,040
generate, and you have to put a password.

29
00:02:36,220 --> 00:02:37,920
I'm going to put 1234.

30
00:02:38,260 --> 00:02:44,590
And the path where you want to save the file, and I want to save it on the desktop.

31
00:02:45,370 --> 00:02:46,510
I just named the file.

32
00:02:48,280 --> 00:02:54,160
OK, .php, OK, .php, press enter.

33
00:02:55,290 --> 00:02:56,820
So you can see here the file is

34
00:02:58,670 --> 00:03:05,960
now on the desktop, so this is the file. Back to the machine, let's try to upload it straight away.

35
00:03:07,090 --> 00:03:10,720
Desktop, and we will open.

36
00:03:11,610 --> 00:03:17,610
So now click on upload, and it is successfully uploaded, so if you want to see it is uploaded, copy

37
00:03:17,670 --> 00:03:20,320
the path, paste it here.

38
00:03:23,590 --> 00:03:26,650
And just enter, so you can see the blank screen.

39
00:03:27,460 --> 00:03:33,010
With weevely, it is uploaded on our site, you can see it; if you want to just make a connection with this,

40
00:03:33,010 --> 00:03:33,500
weevely.

41
00:03:33,880 --> 00:03:35,980
So this command.

42
00:03:35,980 --> 00:03:45,050
You should use weevely, and I have to put the URL of the uploaded file. Control-A,

43
00:03:45,050 --> 00:03:45,670
Control-
44
00:03:45,680 --> 00:03:48,420
C, that's it, paste it here.

45
00:03:50,870 --> 00:03:58,200
And password 1234, press enter, so you can see you are connected with the file.

46
00:03:58,620 --> 00:04:03,220
Now you can do whatever you want to do here.

47
00:04:03,500 --> 00:04:05,080
So I'm going to use Linux

48
00:04:05,090 --> 00:04:05,390
commands.

49
00:04:05,870 --> 00:04:07,160
Let's see where I am.

50
00:04:08,450 --> 00:04:13,970
DVWA. So I'm currently in this directory, so let's see ls.

51
00:04:14,720 --> 00:04:18,270
So these are the things, as we said, which are on my desktop.

52
00:04:18,860 --> 00:04:23,300
So if you want to see these, these are the things that it is showing you.

53
00:04:23,990 --> 00:04:34,190
So now let's see the id, or to see the uname, that is Linux Metasploitable machine.

54
00:04:34,610 --> 00:04:39,680
If you want any kind of help from this, type help and press enter; these are the many commands you can

55
00:04:39,680 --> 00:04:40,100
use.

56
00:04:40,610 --> 00:04:42,590
So this is how you can exploit the vulnerability.

57
00:04:42,890 --> 00:04:46,070
So let's try by increasing the security.

58
00:04:47,740 --> 00:04:55,570
So set it to medium and just submit, so you can see we just set the security to medium, and let's try to

59
00:04:55,570 --> 00:04:58,230
upload that particular shell here.

60
00:04:58,480 --> 00:05:04,230
OK, so we have this, select this, open, and click upload.

61
00:05:04,690 --> 00:05:07,960
So it is showing me that it had already sent.

62
00:05:08,280 --> 00:05:13,810
So it is showing me the warning, and it is asking me to upload an image.

63
00:05:14,140 --> 00:05:23,450
So let's try to upload an image, to see whether it is taking images or not. Select this and upload.

64
00:05:24,010 --> 00:05:25,180
So yes, it is

65
00:05:26,100 --> 00:05:32,040
accepting the image, so let's try some blackbox method, so first of all

66
00:05:34,340 --> 00:05:35,330
we have to see
67
00:05:37,440 --> 00:05:44,860
the source code, if it is available; if it is not, then you can use blackbox testing.

68
00:05:45,480 --> 00:05:53,550
So as you can see, it is just allowing us to upload only JPEG files directly.

69
00:05:55,000 --> 00:05:56,740
So first of all, we have to

70
00:05:58,560 --> 00:06:06,030
see in which kind of request that is posted, that is a POST request, so we have to open our Burp so

71
00:06:06,030 --> 00:06:11,070
that we can intercept the request and then we will modify it. Click on the Burp.

72
00:06:11,580 --> 00:06:12,540
So it is opening.

73
00:06:13,170 --> 00:06:14,630
So as you can see.

74
00:06:16,130 --> 00:06:24,490
It will take some time to just open, so before doing this, as you can see, it is not taking it.

75
00:06:25,470 --> 00:06:27,300
So we have to make some changes here.

76
00:06:27,680 --> 00:06:31,310
Now we have to just rename it, so.

77
00:06:36,630 --> 00:06:39,990
And press enter, so it is now a JPEG file.

78
00:06:40,530 --> 00:06:44,220
OK, so now let's get back to the machine.

79
00:06:46,970 --> 00:06:54,950
And Burp Suite, Burp Suite is opening, and it is just now in front of us; start Burp.

80
00:06:55,890 --> 00:07:00,200
OK, so before starting, just make it to

81
00:07:02,460 --> 00:07:04,260
please just make it to

82
00:07:05,650 --> 00:07:06,290
manual.

83
00:07:06,760 --> 00:07:07,180
OK.

84
00:07:08,770 --> 00:07:12,060
And then get back to it, so you can see.

85
00:07:15,340 --> 00:07:15,990
Starting up.

86
00:07:19,590 --> 00:07:21,090
This is a very powerful tool.

87
00:07:23,330 --> 00:07:29,920
So just go to proxy and see it is on, and let's upload the file again.

88
00:07:31,660 --> 00:07:36,910
It is the .jpeg file, enter.

89
00:07:38,820 --> 00:07:40,680
So it is an intercepted request.

90
00:07:41,070 --> 00:07:42,320
So, as you can see.
91
00:07:44,080 --> 00:07:57,040
So this is the shell, and try to make some changes here too, because in the last we have seen, so that

92
00:07:57,040 --> 00:08:01,290
you can see, the Content-Type, only these two things can be acceptable here.

93
00:08:01,770 --> 00:08:07,210
OK, so I would change it to image/jpeg or image/png.

94
00:08:08,220 --> 00:08:10,650
Forward the request, so you see that

95
00:08:12,180 --> 00:08:16,950
it is uploaded, so this is how you can upload any particular file on a particular website if it is

96
00:08:16,950 --> 00:08:20,040
filtering something, so you can use this kind of technique.

97
00:08:20,070 --> 00:08:22,050
It depends upon your mind and your creativity.

98
00:08:22,320 --> 00:08:24,930
OK, so now this is all for this video.

99
00:08:25,620 --> 00:08:26,730
And one more thing.

100
00:08:26,730 --> 00:08:30,060
One more thing, if you want to just start,

101
00:08:32,350 --> 00:08:33,730
if you wanted to start

102
00:08:36,200 --> 00:08:42,770
contacting the server, if you want to just contact the server, so you have to see.

103
00:08:46,360 --> 00:08:46,970
Forward.

104
00:08:47,320 --> 00:08:58,980
OK, copy the URL, and open weevely as earlier, and just the password,

105
00:08:58,990 --> 00:09:00,750
1234, enter.

106
00:09:01,030 --> 00:09:02,840
So you can see weevely started.

107
00:09:03,340 --> 00:09:05,410
So now you can do whatever you want to do,

108
00:09:05,410 --> 00:09:08,510
and you can just run anything here.

109
00:09:08,590 --> 00:09:13,390
So this is what I wanted to teach you.