mirror of
https://github.com/EdOverflow/bugbounty-cheatsheet.git
synced 2024-11-22 11:03:14 +00:00
Add Werkzeug arbitrary code execution.
This commit is contained in:
EdOverflow
GitHub
parent
e369876ec7
commit
bb13526eab
1 changed files with 12 additions and 0 deletions
12
README.md
12
README.md
|
|
@ -89,6 +89,18 @@ http://[::]
|
||||||
%0d%0aContent-Length:35%0d%0aX-XSS-Protection:0%0d%0a%0d%0a23%0d%0a<svg%20onload=alert(document.domain)>%0d%0a0%0d%0a/%2e%2e
|
%0d%0aContent-Length:35%0d%0aX-XSS-Protection:0%0d%0a%0d%0a23%0d%0a<svg%20onload=alert(document.domain)>%0d%0a0%0d%0a/%2e%2e
|
||||||
```
|
```
|
||||||
|
|
||||||
|
# RCE
|
||||||
|
|
||||||
|
**Werkzeug Debugger**
|
||||||
|
|
||||||
|
Find somewhere where user input can be supplied and submit the following string to cause an error:
|
||||||
|
|
||||||
|
```
|
||||||
|
strіng
|
||||||
|
```
|
||||||
|
|
||||||
|
If the target is running their application in debug mode you might be able to run commands. If you are running the target locally, you can probably brute-force the debugger PIN. The debugger PIN is always in the following format: `***-***-***`.
|
||||||
|
|
||||||
## Crypto
|
## Crypto
|
||||||
|
|
||||||
**MD5 Collision Strings**
|
**MD5 Collision Strings**
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue