How to turn a write-based path traversal into a critical? – Bug bounty case study
? The full article and database with those reports: https://members.bugbountyexplained.com/how-to-maximise-payouts-for-file-disclosure-bugs-file-disclosure-case-study/
✉️ Sign up for the mailing list: https://bbre.dev/nl
? Follow me on twitter: https://bbre.dev/tw
This video presents an analysis of disclosed bug bounty reports about write-based path traversal vulnerabilities. Specifically, it’s about what files you should write to show the maximum impact of a path traversal like this, ideally escalating it to RCE.
? Get $100 in credits for Digital Ocean: https://bbre.dev/do
Report:
Reporter’s twitter:
Follow me on twitter:
Timestamps:
00:00 Intro
01:29 Writing any file but outside safe directory
06:09 Shell upload
09:35 Shell upload alternative in technologies like Node.js, Golang, Python or Ruby – template overwrite
13:35 .ssh/authorized_keys
Add comment