How I Got a ZeroDay Attack: UFU Leads to RCE on One of the Vendors

ZeroDay Attack

Little Story

Steps to Reproduce

  1. Here I get a file upload form for filling in our account profile picture.
aaaahhhh cute
Requests
Responses
Good start~
Because the server used is “Microsoft-IIS”, I just tried the ASP extension.
Hmmmmm
Remote Code Execution | I love it!!!!!❤❤
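
A server-side check that would refuse the upload described in the steps above, as an added example that is not from the original post or the affected vendor: it allow-lists image extensions for a profile picture, compares the leading bytes with the claimed type, and stores the file under a server-generated name. The function name, size limit and sample inputs are assumptions constructed for illustration.

```python
import os
import uuid

# Allow-list for a profile picture: extension -> accepted leading magic bytes.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Constructed sample inputs (not taken from the post).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_ASP = b"<%@ Language=VBScript %>"


def validate_profile_picture(client_filename, data, max_bytes=2_000_000):
    """Return (True, stored_name) or (False, reason).

    Hypothetical helper: only the extension is read from the client's
    filename, and only to look it up in the allow-list.
    """
    # Drop any directory part the client sent, whichever separator it used.
    name = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not name or any(ord(c) < 32 for c in name):
        return False, "bad filename"
    # Only the final extension counts, so "avatar.png.asp" is judged as ".asp".
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not allowed"
    if len(data) > max_bytes:
        return False, "too large"
    # Magic bytes must agree with the claimed type. This is a consistency
    # check, not proof that the rest of the file is harmless.
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    # Server-generated name: the stored extension can only be one from the
    # allow-list, so IIS has no script extension to map to a handler.
    return True, uuid.uuid4().hex + ext


if __name__ == "__main__":
    for fname, body in [("avatar.png", SAMPLE_PNG), ("avatar.asp", SAMPLE_PNG),
                        ("avatar.png.asp", SAMPLE_PNG), ("avatar.png", SAMPLE_ASP)]:
        print(fname, "->", validate_profile_picture(fname, body))
```

The check belongs on the server, since anything enforced only in the browser form can be skipped by editing the request. Serving the upload directory with script execution disabled covers the case where a file still slips through.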

Timeline

  1. I report this bug to the owner of the affected website
  2. I don’t know why, but I suddenly received an email from one of the developers at the software owner (Vendor) affected by this attack, and they want to send gifts to me.
Yeayyyyyyy!!!

Caesar Evan Santoso