Possibly Related Threads…

0xdaniii · Jan 25, 2025, 08:12 PM

(Jan 25, 2025, 08:06 PM)BFischer Wrote: Where is that SSRF?

idk but i guess user needs to upload image to get ssrf

potato_moose · Jan 25, 2025, 08:19 PM

Maybe this article will help...
https://medium.com/tenable-techblog/word...ecb5575ed8

Has anybody tried this?

StingEm · Jan 25, 2025, 08:26 PM

(Jan 25, 2025, 08:19 PM)potato_moose Wrote: Maybe this article will help...
https://medium.com/tenable-techblog/word...ecb5575ed8

Has anybody tried this?

Yes - but so far I just keep getting errors - I am going thru the code now.

kokot0kokot0kokot0 · Jan 25, 2025, 08:27 PM

(Jan 25, 2025, 08:19 PM)potato_moose Wrote: Maybe this article will help...
https://medium.com/tenable-techblog/word...ecb5575ed8

Has anybody tried this?

Tried not work for me

maggi · Jan 25, 2025, 08:30 PM

(Jan 25, 2025, 08:19 PM)potato_moose Wrote: Maybe this article will help...
https://medium.com/tenable-techblog/word...ecb5575ed8

Has anybody tried this?

Yes....
I am thinking its get admin dash then upload plugin then deserialize?

samuelballsiu1 · Jan 25, 2025, 08:34 PM

{"status":"FAILED","response":"File type is not allowed."}

testex · (This post was last modified: Jan 25, 2025, 08:43 PM by testex.)

http://blog.bigbang.htb/wp-login.php/ login page

http://blog.bigbang.htb/wp-login.php/ login page
Kappa

pyfffe · Jan 25, 2025, 08:50 PM

(Jan 25, 2025, 08:19 PM)potato_moose Wrote: Maybe this article will help...
https://medium.com/tenable-techblog/word...ecb5575ed8

Has anybody tried this?

It seems, but I didn't find a public call chain for insecure deserialization. phpggc didn't help

thedubb1313 · Jan 25, 2025, 09:00 PM

there's this

https://www.ambionics.io/blog/iconv-cve-2024-2961-p1

I think we have to go after the file read vuln

nothing0112358 · Jan 25, 2025, 09:21 PM

(Jan 25, 2025, 09:00 PM)thedubb1313 Wrote: there's this

https://www.ambionics.io/blog/iconv-cve-2024-2961-p1

I think we have to go after the file read vuln

Agreed, big question is how to write his binary to web exploit ... We need to adapt cnext-exploit.py

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags	Techtom	47	3,732	1 hour ago Last Post: Stiv1212
	[MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot	htb-bot	98	9,077	Yesterday, 08:05 PM Last Post: Zacker90
	SVCHOST Injector 2026	opsecmaster67	0	95	Yesterday, 01:41 PM Last Post: opsecmaster67
	Cold Seal 5.6 cracked Sensitive information can be exposed or stolen	opsecmaster67	0	81	Yesterday, 01:38 PM Last Post: opsecmaster67
	EagleRAT v2.5 Create backdoor access points	opsecmaster67	0	75	Yesterday, 01:37 PM Last Post: opsecmaster67