<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>HackTheBox - Conversor</title>
        <link>https://stream.echo6.co/videos/watch/29e7c505-3f65-45b0-8854-168c329bbb17</link>
        <description>00:00 - Introduction 00:52 - Start of nmap, looking at 404 errors to discover it is Flask 03:30 - Logged into the application, uploading an XML and XSLT to look at the converter 05:45 - Attempting to use XXE to get File Disclosure, which doesn't work 09:10 - Discovering that the source code of the web application is on the about page, running it on localhost which makes it easier to identify why exploits fail 13:20 - Exploiting the Path Traversal vulnerability: because user data is passed to os.path.join(), this allows writing files anywhere the webserver has permission to 16:25 - Looking at the documentation of the webapp, which shows there is a cron job executing Python scripts in /var/www/conversor/scripts; writing a file there to get RCE 20:28 - Showing the XSLT Injection to write files to the server 30:55 - Can run NeedRestart with sudo, which is a GTFOBin; looking at the sudoers file shows how this was overlooked 33:00 - Exploiting CVE-2024-48990, which is a vulnerability in NeedRestart below version 3.7</description>
        <lastBuildDate>Mon, 13 Apr 2026 11:50:31 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>PeerTube - https://stream.echo6.co</generator>
        <image>
            <title>HackTheBox - Conversor</title>
            <url>https://stream.echo6.co/client/assets/images/icons/icon-512x512.png</url>
            <link>https://stream.echo6.co/videos/watch/29e7c505-3f65-45b0-8854-168c329bbb17</link>
        </image>
        <copyright>All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.</copyright>
        <atom:link href="https://stream.echo6.co/feeds/video-comments.xml?videoId=29e7c505-3f65-45b0-8854-168c329bbb17" rel="self" type="application/rss+xml"/>
    </channel>
</rss>