Myvideo

Guest

Login

Finding 0day in Apache APISIX During CTF (CVE-2022-24112)

Uploaded By: Myvideo
1 view
0
0 votes
0
AboutShareDownloadAdd to

In this video we perform a code audit of Api6 and discover a default configuration that can be escalated to remote code execution. CVE-2022-24112: GitLab: Challenge files: Chapters: 00:00 - Intro 01:09 - Initial Application Overview 02:15 - Discussing Approaches 03:56 - Reading Documentation 04:57 - Initial Attack Idea 06:15 - Identifying Attack Surface 08:46 - Discovering Batch Requests 09:18 - Bypassing X-Real-IP Header 10:15 - Testing the Exploit 11:11 - Reporting the Issue 12:16 - Outro -=[ ❤️ Support ]=- → per Video: → per Month: -=[ 🐕 Social ]=- → Twitter: → Instagram: → Blog: → Subreddit: https

Share with your friends

Link:

Embed:

Video Size:

Custom size:

x
Share this video

Copy Link:

Google Plus

Add to Playlist:

Favorites
My Playlist
Watch Later
Add to
Favorites
My Playlist
Watch Later
Similar VideosComments
Finding a three 0-day exploit chain in Ivanti EPMM and Ivanti Sentry - Tor E. BjrstadWatch Video
8 months ago
00:58:23
Finding a three 0-day exploit chain in Ivanti EPMM and Ivanti Sentry - Tor E. Bjrstad
6 22%
100 Days in Minecraft: BetaWatch Video
9 months ago
00:47:11
100 Days in Minecraft: Beta
1 74%
#HITB2023HKT D1T1 - Extracting Info From Automotive Internet Units - A. Kondikov & Y. SerdyukWatch Video
1 year ago
00:32:36
#HITB2023HKT D1T1 - Extracting Info From Automotive Internet Units - A. Kondikov & Y. Serdyuk
1 7%
Bandimere Speedway CLOSES! Midnight Purple Chevy + 200MPH RECORD PASS! (RMRW Day 5 & 6)Watch Video
1 year ago
01:21:33
Bandimere Speedway CLOSES! Midnight Purple Chevy + 200MPH RECORD PASS! (RMRW Day 5 & 6)
1 29%
1500hp R35 GTR, Roadside HORROR Stories, LOTS MORE! (RaceWeek 2.0 Day 4)Watch Video
1 year ago
00:56:54
1500hp R35 GTR, Roadside HORROR Stories, LOTS MORE! (RaceWeek 2.0 Day 4)
1 57%
INSANE 1945 TT Diesel RAT ROD + 400 mile TORTURE test (RaceWeek 2.0 Days 2 & 3)Watch Video
1 year ago
01:28:39
INSANE 1945 TT Diesel RAT ROD + 400 mile TORTURE test (RaceWeek 2.0 Days 2 & 3)
3 32%
HospitalRun Local Root ExploitWatch Video
1 year ago
00:20:48
HospitalRun Local Root Exploit
1 55%
Kitten Cam 9.0 - Day 34 - Ladybug and her 4 kittensWatch Video
1 year ago
11:54:59
Kitten Cam 9.0 - Day 34 - Ladybug and her 4 kittens
1 74%
Balto/Spirit Crossover: What I've Done ~ FINISHED.Watch Video
2 years ago
00:03:29
Balto/Spirit Crossover: What I've Done ~ FINISHED.
1 62%
Is it possible to detect Zero Day vulnerabilities with Vulnerability Management solutionsWatch Video
2 years ago
00:07:20
Is it possible to detect Zero Day vulnerabilities with Vulnerability Management solutions
445 54%
EAST2WEST BTS () - Fake Love Dance CoverWatch Video
2 years ago
00:04:38
EAST2WEST BTS () - Fake Love Dance Cover
1 20%
DEF CON 30 - Sam Quinn, Steve Povolny - Perimeter Breached Hacking an Access Control SystemWatch Video
2 years ago
00:43:10
DEF CON 30 - Sam Quinn, Steve Povolny - Perimeter Breached Hacking an Access Control System
1 93%
Diesel Corvettes with BILLET Cummins engines!Watch Video
2 years ago
00:23:38
Diesel Corvettes with BILLET Cummins engines!
7 25%
Finding 0day in Apache APISIX During CTF (CVE-2022-24112)Watch Video
3 years ago
00:12:41
Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
1 95%
0 Comments
Guest