XXE Injection to Database Takeover | CVE-2021-29447 | RCE |

Disclaimer: This video is only for educational purpose.

XXE Injection to Database Takeover | CVE-2021-29447 | RCE |

This video covers a recent vulnerability of Wordpress that allows attacker to perform XXE injection which lead to SSRF and eventually Remote Code Execution

Theroy of XML: 0:00
Hacking Time: 1:53
XML Payloads: 6:43
Hope you enjoy this video.

Post Exploitation
XXE (XML External Entity Injection)
SSRF (Server Side Request Forgery )
RCE (Remote Code Execution)
MYSQL

Reverse shell : https://pentestmonkey.net/tools/web-s...

TryHackMe: https://tryhackme.com/room/wordpressc...

Social Media:

Twitter:   / medusa_0xf  

#hacking #tryhackme #ctf #database #wordpress #bughunting #pentesting #hacking #hackingtools #burpsuite #portswigger #ethicalhacking #webhacking #bughunting #xxe #xml #tryhackme #hackthebox ##xxs #programming #websecurity #youtube #education #computer #science #sqlinjection #mysql #technology #practical #artificialintelligence #web #recon #bypass #presentation #javascript