403 Bypass and Deserialization Vulnerability Exploitation in BentoML

CryptoCat via YouTube

Overview

Learn how to exploit a 403 bypass and deserialization vulnerability in a detailed video walkthrough of the "Summar-AI-ze" web challenge. Master techniques for bypassing access restrictions using X-Forwarded-For HTTP headers, gain unauthorized beta access, and leverage the CVE-2024-2912 vulnerability in BentoML for code execution. Follow along with practical demonstrations using Burp Suite, explore session handling rules, and discover methods for identifying and exploiting pickle deserialization vulnerabilities. Gain hands-on experience with automating exploits in Python and understand the complete attack chain from initial reconnaissance to flag exfiltration using curl.

Syllabus

Intro
Burp Suite config
Explore functionality
Identify hidden/disabled endpoint
403 bypass Burp extension
Beta panel access
Session handling rules in Burp
Discover BentoML library
Pickle deserialization
Exfiltrating the flag
Automating exploit with Python
Summary
Conclusion

Taught by

CryptoCat
