I legally defaced this website.

Published 2023-09-05
#pentesting #ctf #hacking #cybersecurity

00:00 - intro
00:33 - Disclaimer
00:43 - Mapping the website
02:15 - Directory listing
04:03 - Hidden portal
05:42 - Bruteforce
06:04 - More enumeration
06:53 - FTP access
07:12 - SSH hacking
08:22 - Another website
09:16 - Interesting file
10:59 - Read arbitrary files
14:11 - More enumeration
14:52 - Backup file with htpassword hash
15:17 - Cracked the hash
16:19 - File upload
22:50 - Remote Code Execution
24:17 - Privilege escalation
25:25 - Website defaced

DISCLAIMER: The techniques shown here should strictly be used on targets you HAVE permission to test. NEVER hack something you don't have permission to.

In this video, I demonstrate how to hack a CTF target, get root, and deface it in just a few minutes. Web developers will learn a lot about how to secure their websites! Ethical hackers will learn hacking techniques to help their clients become more secure.

Credit: Challenge ch4inrulz: 1.0.1 from @mohammadaskar2

All Comments (21)
  • @Simone-uu8ne
    As someone who works in the reliability engineering team of a medium-sized corp, this is literally one of my worst nightmares. People don't realise how easy it is to create vulnerabilities in bigger projects.
  • As a Junior offensive cybersec student this was so informational. I loved the methodical method you explained and really liked to watch the whole process. I always struggle to find good methodical approaches from where to start and how to deal with roadblocks when trying to sort things out. Hope to see more of this on your channel <3
  • @Gmarkooo
    Ur Channel is underrated. Please don't stop posting, I know your channel will blow up one day.
  • @Zuzyk
    Another solution instead of the file api could be to name the file ”0.php%00%.jpeg”. The check might be looking for the filename to end with .jpeg but in some versions of php when php writes the file to disk it looks for the first null character in the filename to know when it’s “done”. That way “0.php%00%.jpeg” becomes “0.php”
  • @tbuk8350
    If you would want to secure that, an API shouldn't take a file as an input, you should store any user-uploaded files with an ID that you store in a database and have the API reference that ID to find the file. That's already the whole "access any file on the system" issue fixed. Then, you should make sure that the API is the only thing that can access those user-uploaded files, and you should make sure the code behind your API treats the data as a string and doesn't execute it. It is also generally good practice to have every admin page locked with a secure, hashed password, and if you want to go above and beyond the server should only take requests from your private key, any incorrectly encrypted requests should be ignored as they didn't come from your key.
  • @LaughWithLevi
    Can’t wait to use this knowledge for “protecting my website”
  • @qwoolrat
    to think all of this can be mostly protected by ratelimiting the user and not letting them send thousands of requests in a few minutes
  • @Cornell_
    As someone who's currently developing a pretty big web app these videos always scare the shit outta me man! I am pretty confident that I'm able to produce "safe" code but, the fear's always present. Love the content tho <3
  • @TechAmbition
    Man this was straight Information, No Stupid Intro, No Freaking, Direct Knowledge❤
  • @scary34
    Your channel is so underrated, LOVE IT
  • @larry1851
    The File API should have been configured to only give access to specific folders. For the upload API you could search for code symbols etc. Also a cooldown for login attempts would slow down such bruteforce attacks. But this was a very good and informational video. Also a follow up video where you would go into detail on how to prevent such exploitation would be great.
  • @kipchickensout
    It's so nice to watch, especially when I know most of the stuff you used or did, but would've never thought about using it :)
  • @KangJangkrik
    "Be a developer first, before being a hacker" — my mentor
  • @azimulhasan4391
    amazing content, gives a lot of insights on exactly what's going on in the websites
  • @mrobvious6112
    Haha, it is like some real world CTF I used to do, and some steps were similar... man, this kind of stuff is what I like to watch so I can memorize it again, and not forget about it.
  • @yima7
    I started studying cyber sec a couple months ago and your channel is a gem, really keeps me motivated as I see the things I'm learning being applied and it helps a lot with piecing together an image. Thanks a lot for sharing this :)
  • @willhearn9191
    You had access to an anonymous FTP server. I believe you could have uploaded a PHP backdoor and used the LFI to include the script.
  • @papatumhare5947
    What I understand is this is not simple you have lots of knowledge and better understanding what are you doing with files and how you read error incredible salute sir❤
  • @mx338
    Especially if you're a developer, you should just use static site generation or write a HTML site from scratch, for a simple site like this. Static HTML allows for no attack surface and even a default config web server on an up to date, reasonably secured Linux system, should provide practically no attack surface.
  • @It_is_adrenalin
    well, underrated AF, keep it going man! Appreciating your content
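
The two file-handling defences suggested in the comments above (@tbuk8350: look uploads up by a database ID instead of a path; @larry1851: confine the file API to specific folders), sketched as an added example that is not code from the video, the challenge or any commenter. The function names, the temporary storage directory and the in-memory SQLite table are assumptions made for illustration.

```python
import secrets
import sqlite3
import tempfile
from pathlib import Path

# Assumed storage directory; in a real deployment it sits outside the web root.
UPLOAD_ROOT = Path(tempfile.mkdtemp(prefix="uploads_")).resolve()
DB = sqlite3.connect(":memory:")  # stand-in for the application's database
DB.execute("CREATE TABLE files (id TEXT PRIMARY KEY, display_name TEXT)")


def store_upload(display_name: str, data: bytes) -> str:
    """Save bytes under a server-generated ID; the client's name is metadata only."""
    file_id = secrets.token_hex(16)
    # No client-controlled name or extension ever reaches the filesystem.
    (UPLOAD_ROOT / file_id).write_bytes(data)
    DB.execute("INSERT INTO files VALUES (?, ?)", (file_id, display_name))
    return file_id


def read_by_id(file_id: str) -> bytes:
    """File API keyed on an ID that must exist in the database, never on a path."""
    row = DB.execute("SELECT id FROM files WHERE id = ?", (file_id,)).fetchone()
    if row is None:
        raise PermissionError("unknown file id")
    # The path is built from the stored ID; contents are returned as plain bytes.
    return (UPLOAD_ROOT / row[0]).read_bytes()


def read_confined(relative_name: str, root: Path = UPLOAD_ROOT) -> bytes:
    """If the API must accept a name: resolve it and require it to stay under root."""
    target = (root / relative_name).resolve()  # collapses ../ and follows symlinks
    if not target.is_relative_to(root):        # Python 3.9+
        raise PermissionError("path escapes the allowed folder")
    return target.read_bytes()
```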