00:00 - Intro
00:45 - Copying the webapp from the server to my local box
02:55 - Intalling the required modules to run the pip modules and running the website locally
03:30 - Using SSH Port forwarding to forward MySQL, so we don't have to setup a database
04:30 - Changing localhost in the web code to 127.0.0.1 which magically fixes an issue we had connecting to the database
05:20 - Getting an administrative login, registering a new user and then updating their role
07:45 - Running Visual Studio Code which gives us a nice debugger
09:20 - Creating a test payload and seeing why it fails
10:50 - Going over what $'' is and why it prevented our command execution if we didn't escape it
12:40 - When sending over the single quote, it is html encoded. Editing variables in the debugger to make sure if we bypass this stage we would have command execution
14:20 - Intercepting the request in BurpSuite and discovering the HTML Encoding is done client side, by editing the request we can get RCE!
Support the originator by clicking the read the rest link below.
