Short Summary
The video discusses the testing and exploitation of file upload vulnerabilities, specifically focusing on a vulnerability known as “zip slip.” The presenter elaborates on how this vulnerability can be exploited to replace files on a server by leveraging path traversal within zip files.
Key Points
- Importance of testing file uploads for vulnerabilities.
- File types like zip, docx, and PowerPoint allow for various attacks post-upload.
- Introduction to the “zip slip” vulnerability, which allows overwriting files in different directories.
- Demonstration of creating a proof of concept (POC) using Python and chat GPT.
- Explanation of how to name files to take advantage of path traversal.
- How to use Sneak to scan projects for vulnerabilities, including zip slip.
- Real-world application of exploiting a zip slip vulnerability during a penetration test.
- Discussion of alternative methods to exploit vulnerabilities beyond zip slip.
- Encouragement for viewers to engage with the content and provide feedback.
- Conclusion and invitation to the audience to like and subscribe for more content.
Youtube Video: https://www.youtube.com/watch?v=4sKlbMiGWAw
Youtube Channel: NahamSec
Video Published: 2024-09-30T13:00:05+00:00
Video Description:
Check out Snyk , ππΌ snyk.co/nahamsec
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! π
π If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
π» If you want to practice some of my free labs and challenges: https://app.hackinghub.io
π΅ FREE $200 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
π LINKS:
π MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces – https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs – https://amzn.to/455F9l3
πΏ WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I’d Do this – https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty – https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting Full Time – https://youtu.be/watch?v=ukb79vAgRiY
Hacking An Online Casino – https://youtu.be/watch?v=2eIDxVrk4a8
WebApp Pentesting/Hacking Roadmap – https://youtu.be/watch?v=doFo0I_KU0o
MY OTHER SOCIALS:
π My website – https://www.nahamsec.com/
π¨βπ» My free labs – https://app.hackinghub.io/
π¦ Twitter – https://twitter.com/NahamSec
πΈ Instagram – https://instagram.com/NahamSec
π¨βπ» Linkedin – https://www.linkedin.com/in/nahamsec/
WHO AM I?
If we haven’t met before, hey π! I’m Ben, most people online know me online as NahamSec. I’m a hacker turned content creator. Through my videos on this channel, I share my experience as a top hacker and bug bounty hunter to help you become a better and more efficient hacker.
FYI: Some of the links I have in the description are affiliate links that I get a a percentage from.
#cybersecurity #hacking #bugbounty