Overview
Learn how to exploit a 403 bypass and a deserialization vulnerability in a detailed video walkthrough of the "Summar-AI-ze" web challenge. Master techniques for bypassing access restrictions using X-Forwarded-For HTTP headers, gain unauthorized beta access, and leverage the CVE-2024-2912 vulnerability in BentoML for code execution. Follow along with practical demonstrations using Burp Suite, explore session handling rules, and discover methods for identifying and exploiting pickle deserialization vulnerabilities. Gain hands-on experience with automating exploits in Python and understand the complete attack chain from initial reconnaissance to flag exfiltration using curl.
Syllabus
Intro
Burp Suite config
Explore functionality
Identify hidden/disabled endpoint
403 bypass Burp extension
Beta panel access
Session handling rules in Burp
Discover BentoML library
Pickle deserialization
Exfiltrating the flag
Automating exploit with Python
Summary
Conclusion
Taught by
CryptoCat