mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-21 11:56:11 +00:00
FFmpeg HLS vulnerability
FFmpeg is open source software for processing audio and video formats. A malicious HLS playlist embedded inside an AVI video can be used to read arbitrary files.
Exploits
1. `./gen_xbin_avi.py file://<filename> file_read.avi`
2. Upload `file_read.avi` to some website that processes video files
3. (on server side, done by the videoservice) `ffmpeg -i file_read.avi output.mp4`
4. Click "Play" in the videoservice.
5. If you are lucky, you'll see the content of `<filename>` from the server.
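
For services that accept uploads, a pre-screen can flag files that claim to be AVI but carry HLS playlist text before they reach `ffmpeg`. The following is an added example, not code from the original repository; the function names, the scheme list and the sample bytes are assumptions made for illustration.

```python
import re

# Tags that only make sense in an HLS (M3U8) playlist, never in AVI media data.
HLS_TAG = re.compile(rb"#EXT(?:M3U|INF|-X-[A-Z0-9-]+)")
# URI schemes a playlist entry could use to reach local or inline resources
# (scheme list chosen for this example).
LOCAL_URI = re.compile(rb"\b(?:file|concat|subfile|data):[^\s\x00]+", re.I)


def is_riff_avi(data: bytes) -> bool:
    """True when the upload starts with a RIFF header of form type 'AVI '."""
    return len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"AVI "


def scan_upload(data: bytes) -> dict:
    """Heuristic pre-screen of an uploaded video (hypothetical helper)."""
    tags = sorted({m.group(0).decode("ascii") for m in HLS_TAG.finditer(data)})
    # Only collect URIs when playlist tags exist, to limit false positives
    # from random byte runs in genuine media data.
    uris = []
    if tags:
        uris = [m.group(0).decode("ascii", "replace")
                for m in LOCAL_URI.finditer(data)]
    return {
        "riff_avi": is_riff_avi(data),
        "hls_tags": tags,
        "local_uris": uris,
        # A playlist header in a file submitted as video is the signal,
        # whether or not the RIFF/AVI wrapper is present.
        "suspicious": "#EXTM3U" in tags,
    }


# Constructed samples, not real media files.
AVI_HEADER = b"RIFF" + (0).to_bytes(4, "little") + b"AVI LIST"
BENIGN = AVI_HEADER + b"\x00" * 64
CRAFTED = AVI_HEADER + b"\x00" * 16 + (
    b"#EXTM3U\n#EXT-X-MEDIA-SEQUENCE:0\n#EXTINF:1.0,\n"
    b"file:///constructed/placeholder.txt\n#EXT-X-ENDLIST\n"
)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("crafted", CRAFTED)):
        print(name, scan_upload(blob))
```

A byte scan like this is only a heuristic, so it complements rather than replaces running the transcoder in a sandbox with a restricted protocol list (`-protocol_whitelist`).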