PHP include and bypass SSRF protection with two DNS A records - 33c3ctf list0r (web 400)

Channel:
United States LiveOverflow
Subscribers:
921,000
Published on ● Video Link: https://www.youtube.com/watch?v=PKbxK2JH23Y


Duration: 9:03
36,206 views
968

Easy solution of list0r web challenge from the 33c3ctf thanks to unintended bugs in the challenge.

Join the discussion: https://www.reddit.com/r/LiveOverflow/comments/5p5yci/php_include_and_bypass_ssrf_protection_with_two/

-=[ ❀️ Support ]=-

β†’ per Video: https://www.patreon.com/join/liveoverflow
β†’ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ πŸ• Social ]=-

β†’ Twitter: https://twitter.com/LiveOverflow/
β†’ Website: https://liveoverflow.com/
β†’ Subreddit: https://www.reddit.com/r/LiveOverflow/
β†’ Facebook: https://www.facebook.com/LiveOverflow/

#CTF #WebSecurity



Other Videos By LiveOverflow


2017-03-12What do Nintendo Switch and iOS 9.3 have in common? CVE-2016-4657 walk-through
2017-03-10SHA1 length extension attack on the Secure Filesystem - rhme2 Secure Filesystem (crypto 100)
2017-03-05Using UART / Serial to interact with an embedded device - rhme2 Setup
2017-03-03riscure embedded hardware CTF is over - loopback 0x03
2017-02-25Developing an intuition for binary exploitation - bin 0x20
2017-02-17Showing various security issue of the Wifi-Cloud Hub
2017-02-14GynvaelEN Hacking Livestreams and how stack cookies work
2017-02-10How safe is a Wifi Cloud Hub Router (from hackers)?
2017-02-03Bash injection without letters or numbers - 33c3ctf hohoho (misc 350)
2017-01-27[Live] A basic Heap Feng Shui intro - 33c3ctf babyfengshui (pwn 150)
2017-01-20PHP include and bypass SSRF protection with two DNS A records - 33c3ctf list0r (web 400)
2017-01-13Format String to dump binary and gain RCE - 33c3ctf ESPR (pwn 150)
2017-01-06How to learn hacking? ft. Rubber Ducky
2016-12-30Rooting a CTF server to get all the flags with Dirty COW - CVE-2016-5195
2016-12-27LiveOverflow Channel Trailer
2016-12-23Riscure Embedded Hardware CTF setup and introduction - rhme2 Soldering
2016-12-20[Live] Remote oldschool dlmalloc Heap exploit - bin 0x1F
2016-12-16Remote format string exploit in syslog() - bin 0x1E
2016-12-13First remote root exploit - bin 0x1D
2016-12-09Linux signals and core dumps - bin 0x1C
2016-12-06Celebrating 10.000 subscribers with a small Q&A - loopback 0x02


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
SSRF
php include
php nullbyte
bypass ip check
ssrf localhost
leak php code
php exploit
curl dns rebind
dns rebinding
curl setopt
php curl exploit
php base64 filter
php wrapper exploit
list0r
33c3
33c3ctf
33c3 ctf
web challenge
cpature the flag
web hacking
website hacking
list web app
web app hacking
web app php exploit
hack php
server side
request forgery
dnsrebind