The web application has a function for uploading images through a link provided by the user. This access error leads to RCE and scanning of intranet ports.
PoC video link:
https://drive.google.com/file/d/17fksa8odZAqCuqRQbOCutc9I7eoN_un-/view?usp=sharing
1. Use a service like Burp Collaborator to observe incoming requests.
2. Go to the add news function. In the image section there is a button for the user to provide the image link.
3. Provide a URL that uses the Burp Collaborator server's domain name, so that the web app requests it.
4. Observe the incoming DNS and HTTP requests, and see that there is a request from the Linux server sent to the Burp Collaborator server.
5. The PoC video conducts an internal port scan to see which ports are open based on response time.
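
A server-side check that would stop the image-link fetch in the steps above from reaching internal hosts and ports, as an added example that is not code from this report or from the affected application. The names `check_image_url` and `system_resolver`, and the restriction to ports 80 and 443, are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: images are only ever fetched over HTTP(S) on the standard ports.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def system_resolver(host):
    """Return every address the OS resolver gives for host."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def check_image_url(url, resolver=system_resolver):
    """Return (True, vetted_ips) or (False, reason) for a user-supplied image URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials"
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port"
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"  # removes the timing-based port scan
    try:
        addrs = resolver(parts.hostname)
    except OSError:
        return False, "host does not resolve"
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        ip = getattr(ip, "ipv4_mapped", None) or ip    # unwrap ::ffff:a.b.c.d
        # Reject loopback, RFC 1918, link-local (cloud metadata) and other
        # non-public ranges; a single bad record fails the whole host.
        if not ip.is_global:
            return False, f"{ip} is not a public address"
    return True, sorted(addrs)
```

The fetcher should connect to one of the returned addresses rather than resolving the name a second time, and run the same check on every redirect target before following it.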