Subscribe to BBRE Premium: https://bbre.dev/premium
The full article and database with those reports: https://members.bugbountyexplained.com/how-to-maximise-payouts-for-file-disclosure-bugs-file-disclosure-case-study/
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on twitter: https://bbre.dev/tw

This video presents an analysis of disclosed bug bounty reports about write-based path traversal vulnerabilities. Specifically, it covers which files you should write to in order to demonstrate the maximum impact of such a path traversal, ideally escalating it to RCE.

Get $100 in credits for Digital Ocean: https://bbre.dev/do

Timestamps:

00:00 Intro
01:29 Writing any file but outside safe directory
06:09 Shell upload
09:35 Shell upload alternative in technologies like Node.js, Golang, Python or Ruby – template overwrite
13:35 .ssh/authorized_keys
