Y

YouLibs

Remove Touch Overlay

Finding 0day in Apache APISIX During CTF (CVE-2022-24112)

Duration: 12:41Views: 65.5KLikes: 3.7KDate Created: Mar, 2022

Channel: LiveOverflow

Category: Science & Technology

Tags: web hackingliveoverflow0-dayreal world ctfcapture the flagrealworld ctfmicroserviceslive overflowhacking tutorialreal worldctfhttp headerssrfapi keyvulnerabilityhow to hackexploit tutorialx-real-iprealistic ctfbugzerodaysecurity research0dayserver side request forgerypentestadmin apizero day

Description: In this video we perform a code audit of Api6 and discover a default configuration that can be escalated to remote code execution. CVE-2022-24112: seclists.org/oss-sec/2022/q1/133 GitLab: liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018 Challenge files: github.com/chaitin/Real-World-CTF-4th-Challenge-Attachments/tree/master/API6 Chapters: 00:00 - Intro 01:09 - Initial Application Overview 02:15 - Discussing Approaches 03:56 - Reading Documentation 04:57 - Initial Attack Idea 06:15 - Identifying Attack Surface 08:46 - Discovering Batch Requests 09:18 - Bypassing X-Real-IP Header 10:15 - Testing the Exploit 11:11 - Reporting the Issue 12:16 - Outro -=[ ❤️ Support ]=- → per Video: patreon.com/join/liveoverflow → per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: twitter.com/LiveOverflow → Instagram: instagram.com/LiveOverflow → Blog: liveoverflow.com → Subreddit: reddit.com/r/LiveOverflow → Facebook: facebook.com/LiveOverflow

Swipe Gestures On Overlay
Home
Channels
All Videos
Categories
Tags
Related
Infinite Masonry

Related

Sorts:
Filters:
CategoryChannelDate CreatedDurationLikesPopularityTagsTitleViews
1-10mins10-30mins30mins+past weekpast monthpast year2021-20242015-2020
  • Platform for Scalable Web Apps | How I built my website with KubernetesDevon Crawford08:24Jan, 2019788.4Kbackgroundvideo thumbnail for: Platform for Scalable Web Apps | How I built my website with Kubernetes
  • Learning a new Programming Language | Developer Vlog (Backend Microservices)Devon Crawford08:01Nov, 2018654.7Kbackgroundvideo thumbnail for: Learning a new Programming Language | Developer Vlog (Backend Microservices)
  • you need to learn Load Balancing RIGHT NOW!! (and put one in your home network!)NetworkChuck42:42Jun, 2021601.1Kbackgroundvideo thumbnail for: you need to learn Load Balancing RIGHT NOW!! (and put one in your home network!)
  • Downloading My Private Google Data, this is what I foundDevon Crawford10:41Apr, 20191.4Mbackgroundvideo thumbnail for: Downloading My Private Google Data, this is what I found
  • [SFM] TO DEFEAT A MASTER!Hoovy Tube28:14Apr, 20212.5Mbackgroundvideo thumbnail for: [SFM] TO DEFEAT A MASTER!
  • [SFM] FORTNITE VS. TF2Hoovy Tube20:19Jul, 201912.8Mbackgroundvideo thumbnail for: [SFM] FORTNITE VS. TF2
  • Why The Death Note Would FAIL!The Imaginary Axis17:58Sep, 20172.1Mbackgroundvideo thumbnail for: Why The Death Note Would FAIL!
  • Unreal Tournament 22 Years Later: An LGR RetrospectiveLGR22:39Jun, 2021510.1Kbackgroundvideo thumbnail for: Unreal Tournament 22 Years Later: An LGR Retrospective
  • Nerf Capture the flag: Rival (red vs blue)Laliberte Cinemas05:10Jul, 20171.2Mbackgroundvideo thumbnail for: Nerf Capture the flag: Rival (red vs blue)
  • Nerf War: Capture the BagGoober Media04:05Jun, 201521.3Mbackgroundvideo thumbnail for: Nerf War: Capture the Bag
    • Items shown
    to: 10
    of:999
    123...100