Troubleshooting failed RCE Payloads by Debugging Python Web Applications - Noter Beyond Root
00:00 - Intro
00:45 - Copying the webapp from the server to my local box
02:55 - Intalling the required modules to run the pip modules and running the website locally
03:30 - Using SSH Port forwarding to forward MySQL, so we don't have to setup a database
04:30 - Changing localhost in the web code to 127.0.0.1 which magically fixes an issue we had connecting to the database
05:20 - Getting an administrative login, registering a new user and then updating their role
07:45 - Running Visual Studio Code which gives us a nice debugger
09:20 - Creating a test payload and seeing why it fails
10:50 - Going over what $'' is and why it prevented our command execution if we didn't escape it
12:40 - When sending over the single quote, it is html encoded. Editing variables in the debugger to make sure if we bypass this stage we would have command execution
14:20 - Intercepting the request in BurpSuite and discovering the HTML Encoding is done client side, by editing the request we can get RCE!
Смотрите видео Troubleshooting failed RCE Payloads by Debugging Python Web Applications - Noter Beyond Root онлайн, длительностью часов минут секунд в хорошем качестве, которое загружено на канал IppSec 06 Сентябрь 2022. Делитесь ссылкой на видео в социальных сетях, чтобы ваши подписчики и друзья так же посмотрели это видео. Данный видеоклип посмотрели 7,389 раз и оно понравилось 340 посетителям.
![Is A 360Hz Monitor Worth It For Gaming? [Simple]](https://images.reviewsvideo.ru/videos/GMQM75HnW1I)
