Discovering vulnerabilities quickly with targeted scanning — Portswigger

This lab contains a vulnerability that enables you to read arbitrary files from the server. To solve the lab, retrieve the contents of /etc/passwd within 10 minutes.

Approach

Lab: Discovering vulnerabilities quickly with targeted scanning | Web Security Academy

Let’s Start — You have to solve the lab in 10 Minutes

Access the lab, turn on the proxy, and turn off Intercept in Burp Suite.

Now look at the HTTP history in the Proxy tab. There is a request to /product/stock, and its ProductID parameter is an input worth testing.

Right-click on /product/stock → Do active scan
Try changing the parameters to various values

The scanner found an Out-of-band resource load on /product/stock

It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response.

  • Send the request to Repeater
  • Add the payload below in the ProductID parameter
<foo xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include parse="text" href="file:///etc/passwd"/></foo>
Send the request. You can now view the contents of /etc/passwd in the response.
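
Why the payload works and how to close it, as an added example (not part of the original write-up or the lab's code). It assumes the back end pastes the parameter into an XML document that an XInclude-aware processor then expands; the element names, both loaders and the sample file content are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.etree import ElementInclude
from xml.sax.saxutils import escape

XI_INCLUDE = "{http://www.w3.org/2001/XInclude}include"

# Payload quoted in the write-up above.
PAYLOAD = ('<foo xmlns:xi="http://www.w3.org/2001/XInclude">'
           '<xi:include parse="text" href="file:///etc/passwd"/></foo>')

# Constructed stand-in for the server's filesystem, so the demo runs offline.
FAKE_FS = {"file:///etc/passwd": "root:x:0:0:constructed-sample\n"}

def build_unsafe(product_id):
    # Assumed vulnerable pattern: the parameter is pasted into XML as markup.
    return "<stockCheck><productId>" + product_id + "</productId></stockCheck>"

def build_safe(product_id):
    # Hardened: escape &, < and > so the value can only be character data.
    return ("<stockCheck><productId>" + escape(product_id)
            + "</productId></stockCheck>")

def include_targets(xml_text):
    # Review helper: hrefs an XInclude-aware processor would go and fetch.
    return [el.get("href") for el in ET.fromstring(xml_text).iter(XI_INCLUDE)]

def permissive_loader(href, parse, encoding=None):
    # Models a processor that resolves whatever href it is handed.
    return FAKE_FS[href]

def deny_loader(href, parse, encoding=None):
    # Hardened: a stock check has no legitimate need for inclusions.
    raise PermissionError("XInclude disabled: " + href)

def process(xml_text, loader):
    # Parse, expand xi:include elements with the given loader, return the value.
    root = ET.fromstring(xml_text)
    ElementInclude.include(root, loader=loader)
    return "".join(root.find("productId").itertext())

if __name__ == "__main__":
    print(include_targets(build_unsafe(PAYLOAD)))                   # include found
    print(repr(process(build_unsafe(PAYLOAD), permissive_loader)))  # file content
    print(repr(process(build_safe(PAYLOAD), permissive_loader)))    # literal text
```

Either control alone stops the read: escaping keeps the value from ever becoming an xi:include element, and a denying loader (or a parser with XInclude processing switched off) refuses the fetch even if markup slips through.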

Feel Free to Ask Queries via LinkedIn and to Buy me a Coffee : )

Thank you for Reading!!

Happy Hunting ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

Discovering vulnerabilities quickly with targeted scanning — Portswigger was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.
