mirror of
https://github.com/EdOverflow/bugbounty-cheatsheet.git
synced 2024-11-24 20:13:06 +00:00
Add explanation and PoC for FFmpeg LFD
This commit is contained in:
parent
07e3346ecb
commit
beb7e19ffb
1 changed files with 14 additions and 0 deletions
|
@ -21,3 +21,17 @@
|
|||
```
|
||||
/%5c..
|
||||
```
|
||||
|
||||
**FFmpeg Local File Disclosure**
|
||||
|
||||
This [script](https://github.com/neex/ffmpeg-avi-m3u-xbin/blob/master/gen_xbin_avi.py) by @neex can be used to disclose local files on FFmpeg hosts which parse externally-referencing [HLS playlists](https://ffmpeg.org/ffmpeg-formats.html#hls-2).
|
||||
|
||||
_Steps to reproduce_
|
||||
|
||||
1. Please download the script from @neex to your "attacker" instance
|
||||
2. Execute the script with your desired parameters: `python3 gen_xbin_avi.py file:///etc/hostname bugbounty.avi`
|
||||
3. Upload the generated AVI file to your target site (e.g. within a 'video upload page')
|
||||
4. The target may process the malicious HLS inclusion with FFmpeg on the server-side.
|
||||
5. Play the uploaded AVI via the target site. If successful, your desired file will be disclosed within the video.
|
||||
|
||||
Alternative scripts exist which may generate different HLS formats or lead to the desired file being disclosed in a different manner.
|
||||
|
|
Loading…
Reference in a new issue