Web Application Hacking - File Upload Attacks Explained

The Cyber Mentor

1 year ago

25,633 views

00:00 Intro
00:40 File uploads primer
03:33 Lab 1: Popcorn
08:59 Chaining vulnerabilities
10:02 Path traversal
16:55 Outro

Pentests & Security Consulting: https://tcm-sec.com
Get Trained: https://academy.tcm-sec.com
Get Certified: https://certifications.tcm-sec.com
Merch: https://merch.tcm-sec.com
Sponsorship Inquiries: [email protected]

📱Social Media📱
___________________________________________
Twitter: https://twitter.com/thecybermentor
Twitch: https://www.twitch.tv/thecybermentor
Instagram: https://instagram.com/thecybermentor
LinkedIn: https://www.linkedin.com/in/heathadams
TikTok: https://tiktok.com/@thecybermentor
Discord: https://discord.gg/tcm

💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
https://www.patreon.com/thecybermentor
Support the stream (one-time): https://streamlabs.com/thecybermentor

Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX
The Hacker Playbook 3: https://amzn.to/34XkIY2
Hacking: The Art of Exploitation: https://amzn.to/2VchDyL
The Web Application Hacker's Handbook: https://amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: https://amzn.to/31HAmVx
Linux Basics for Hackers: https://amzn.to/34WvcXP
Python Crash Course, 2nd Edition: https://amzn.to/30gINu0
Violent Python: https://amzn.to/2QoGoJn
Black Hat Python: https://amzn.to/2V9GpQk

My Build:
lg 32gk850g-b 32" Gaming Monitor: https://amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: https://amzn.to/30d1UW1
EVGA 2080TI: https://amzn.to/30d2lj7
MSI Z390 MotherBoard: https://amzn.to/30eu5TL
Intel 9700K: https://amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: https://amzn.to/2M638Zb
Razer Nommo Chroma Speakers: https://amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: https://amzn.to/2V7A0or
CORSAIR Pro RGB Gaming Mouse: https://amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: https://amzn.to/31MOgpu

My Recording Equipment:
Panasonic G85 4K Camera: https://amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: https://amzn.to/2LIRxAp
Aston Origin Microphone: https://amzn.to/2LFtNNE
Rode VideoMicro: https://amzn.to/309yLKH
Mackie PROFX8V2 Mixer: https://amzn.to/31HKOMB
Elgato Cam Link 4K: https://amzn.to/2QlicYx
Elgato Stream Deck: https://amzn.to/2OlchA5

*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.


Comments:

@ghassenbarkache1676 - 06.11.2023 18:36

What if the web app changes this image.php.png to a random name like 123xdsd155 and keeps the png extension?
It means image.php.png => 123xdsd155.png; anything before the whitelisted extension is renamed.

@andreic6250 - 11.03.2023 04:59

Unfortunately the audio stream for this file is very, very low. I've tried it on a number of devices. Please, when making a video, boost your audio.

@bukarbetoismail763 - 03.03.2023 14:50

Good video, very helpful.

@danishazizkhan6099 - 24.02.2023 06:47

We want an SSRF and CSRF video.

@VectorGameStudio - 17.02.2023 01:29

The path traversal combined with upload attacks is new to me. I like it.

@marcosgoncalves9768 - 16.02.2023 14:24

You guys rock. I'm learning heaps with your videos. How can I get an internship at TCM Security??? 👂👂👂👊👊👊

@nightninja8128 - 16.02.2023 10:13

Another great lesson. Thanks, Alex!

@ahmed_pinger3575 - 15.02.2023 05:52

Awesome Video ♥️♥️♥️♥️

@mr.togrul--9383 - 14.02.2023 23:12

Nice username, lol.

@videkrem - 14.02.2023 21:33

You guys are doing God's work. Thank you so much.

@smnomad9276 - 14.02.2023 16:42

Man, the volume is too low; it's frustrating. It should be at least twice as high, and let us control it.

@howtodefeatgangstalking - 14.02.2023 06:54

But in 99% of the cases, even if you can upload a php shell, for example, there is no way to navigate to the php shell upload via URL to even execute it. In a real-life scenario with pretty much all websites these days, you're not going to be able to access the php upload to even execute it.

@elmehdiezziar - 14.02.2023 04:27

Thanks for the information 🛡️

@Boolap1337 - 14.02.2023 00:48

This series is just getting better, keep it coming!

@gilles3366 - 13.02.2023 19:49

I'm happy with the new web hacking oriented videos. My wish would be that there are more videos of this kind based on the OWASP Top 10 2021. Good luck for the rest.

@ilbona87 - 13.02.2023 19:31

Nice one, I'm loving this series!

@CaptainTrashRat - 13.02.2023 19:22

These videos are great, but could you knock up the volume by like 20%? Just a tad quiet; other than that, excellent stuff!

@vijithpramod3348 - 13.02.2023 19:02

Great ❤ Thanks for the video.
