Official Usage Discussion

Does anyone know why Burp would fail to connect? I checked the input, the file type, the certificates, etc. Nothing. It always fails to connect.

Never mind. I found the issue: a small typo in the proxy. Self-diagnosed and fixed, which made me feel better, haha.

I tried that, it's not working. Is there a subdomain that I need to find?

It should work. What's inside /etc/hosts?

OK, got it. I manually added the IP address to the /etc/hosts file, and now it is working. Thank you for the hint.

Success! The machine is finally singing my tune!

Hi mate, I figured it out, thanks :)

Need a hint… I have the admin password from the database but am now stuck on where to use it.
The login page is asking for an email address, but I could not find the admin email address.

I have tried using the format of the email address found for another user, but no luck.
I have already checked the whole database but could not find any admin email address, and I have done dir fuzzing using gobuster.

Finally completed.

Kinda stuck with the 503 error, could someone DM me for a hint?

Hi everyone,
After establishing it manually, I'm now struggling with sqlmap. Can someone help? It seems to recognize the email parameter as injectable and, at the same time, report the vulnerability as a false positive later in the result.

Hello, I have the same issue. Have you solved this issue?!

Not sure it is the solution, as it was pretty random in the end, but try this command to flush sqlmap results:
rm -rf /home/kali/.local/share/sqlmap/output/*

I think this is the solution.
Thanks, you have saved my time and energy!

This is crazy. I’ve got the admin password from the database, no problem. I’ve found the CVE for the Lateral application. I understand what the CVE is stating and I have found the image upload vector along with the manipulation of the file extension (this is a great example of how trusting files based on MIME types or 3-letter extensions is dumb and only file magic should ever be trusted), and my POST request is accepted by the application. But whether I intercept the POST request and manipulate it in real time, or send it to Burp Repeater (I use Burp macros to accommodate the CSRF and laravel_session headers) and try to reissue the POST, I can’t get the file to upload. Half the time it uploads and the web interface reports that it has been uploaded, but my payload never executes or nothing happens, and I don’t even get a freakin’ 404, 503, 500 or my new favorite, 419. Something is whacko with this box - I tried resetting it and it was more stable (I stopped getting 419s, but the upload now NEVER sticks).

I’m open to any suggestions because after reading this entire thread it seems this should’ve been a fairly simple exploit. Thanks in advance.
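On the defensive side of the upload discussion above, this is an added example (not from any poster and not the application's own code) of a server-side check that requires the extension, the declared MIME type and the file's magic bytes to agree, then stores the file under a server-generated name. The function names, the allowlist and the sample bytes are assumptions made up for the illustration.

```python
import os
import uuid

# Magic-byte prefixes for the image types this hypothetical endpoint accepts.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MIME_FOR = {"png": "image/png", "jpg": "image/jpeg", "gif": "image/gif"}
EXT_ALIASES = {"jpeg": "jpg"}

# Constructed sample inputs: a valid signature followed by filler bytes.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
JPEG_SAMPLE = b"\xff\xd8\xff\xe0" + b"\x00" * 16


def sniff_type(data: bytes):
    """Return the image type implied by the leading bytes, or None."""
    for kind, prefixes in SIGNATURES.items():
        if data.startswith(prefixes):
            return kind
    return None


def validate_upload(filename: str, declared_mime: str, data: bytes):
    """Return (ok, stored_name_or_reason); all three signals must agree."""
    base = os.path.basename(filename.replace("\\", "/"))
    # Reject NUL bytes and stacked extensions such as name.png.xyz.
    if "\x00" in base or base.count(".") != 1:
        return False, "filename must have exactly one extension"
    ext = base.rsplit(".", 1)[1].lower()
    ext = EXT_ALIASES.get(ext, ext)
    if ext not in SIGNATURES:
        return False, "extension not on allowlist"
    kind = sniff_type(data)
    if kind is None:
        return False, "content is not a recognised image"
    if kind != ext:
        return False, "extension does not match content"
    if declared_mime != MIME_FOR[kind]:
        return False, "declared MIME type does not match content"
    # The client's filename never reaches disk; the server picks name and extension.
    return True, f"{uuid.uuid4().hex}.{kind}"


if __name__ == "__main__":
    print(validate_upload("avatar.png", "image/png", PNG_SAMPLE))
    print(validate_upload("avatar.png.php", "image/png", PNG_SAMPLE))
```

A matching signature only proves how the file starts, so the server-chosen name and serving uploads from a location where nothing is executed matter as much as the content check.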