In this video, we cover Lab #7 in the SSRF module of the Web Security Academy. The site uses analytics software which fetches the URL specified in the Referer header when a product page is loaded. To solve the lab, we use this functionality to perform a blind SSRF attack against an internal server in the 192.168.0.X range on port 8080. In the blind attack, we use a Shellshock payload against the internal server to exfiltrate the name of the OS user.
⬛ ✨ Support Me ✨ ⬛⬛⬛⬛⬛⬛⬛⬛⬛⬛
Buy my course: https://bit.ly/30LWAtE
⬛ Contents of this video ⬛⬛⬛⬛⬛⬛⬛⬛⬛⬛
00:00 - Introduction
00:14 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:25 - Navigation to the exercise
02:08 - Understand the exercise and make notes about what is required to solve it
03:34 - Exploit the lab manually
13:39 - Summary
13:41 - Thank You
⬛ Links ⬛⬛⬛⬛⬛⬛⬛⬛⬛⬛
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/ssrf/lab-07/notes.txt
Web Security Academy Exercise Link: https://portswigger.net/web-security/ssrf/blind/lab-shellshock-exploitation
Rana's Twitter account: https://twitter.com/rana__khalil