<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>HackTheBox - Headless</title>
        <link>https://stream.echo6.co/videos/watch/703f6f1a-7065-4e45-ae7c-4ec3e9067282</link>
        <description>00:00 - Introduction 01:00 - Start of nmap 01:50 - Examining the cookie, measuring entropy with ent 04:30 - Testing the Contact Support form, putting HTML in the message triggers the "Hacking Attempt Detected" message 06:00 - Examining the /dashboard, playing with the cookie to see if we can view it 07:20 - Testing the "Hacking Attempt Detected" message for XSS 11:00 - Creating an XSS payload to steal the cookie via fetch 14:40 - Replaying the cookie gets us into the Dashboard, finding command injection in Generate Report 17:00 - Reverse shell returned 18:10 - Discovering DVIR can run Syscheck, which is a bash script with a bash injection vulnerability, and getting root 21:30 - Beyond root! Talking about how you can exfiltrate HttpOnly cookies if you find a page that replays the headers 23:50 - Start of creating a JavaScript payload to fetch a page and send it back to us 36:50 - Script finished, we can now control the user's browser and send the page back to us 39:15 - Changing the JavaScript payload to perform the injection on Generate Report for us so we get RCE on the webserver via XSS</description>
        <lastBuildDate>Wed, 15 Apr 2026 09:45:41 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>PeerTube - https://stream.echo6.co</generator>
        <image>
            <title>HackTheBox - Headless</title>
            <url>https://stream.echo6.co/client/assets/images/icons/icon-512x512.png</url>
            <link>https://stream.echo6.co/videos/watch/703f6f1a-7065-4e45-ae7c-4ec3e9067282</link>
        </image>
        <copyright>All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.</copyright>
        <atom:link href="https://stream.echo6.co/feeds/video-comments.xml?videoId=703f6f1a-7065-4e45-ae7c-4ec3e9067282" rel="self" type="application/rss+xml"/>
    </channel>
</rss>