Hi, and welcome to this new video!

In this video I continue my web exploitation series by introducing another important vulnerability known as "Directory Traversal".

If you're interested in more videos of the series or if you have any feedback, please let me know!

-------------------------

TIMESTAMPS

00:00 Introduction
01:45 Tomcat Setup
09:40 Static Web Application
14:00 Dynamic Web Application with JSP
15:40 Fuzzing with wfuzz for parameter discovery
19:40 Analyzing the disclosed stack trace
22:45 A simple Directory Traversal
27:55 A more complex Directory Traversal
32:50 Directory Traversal in SecureBank
38:50 Conclusion

-------------------------

REFERENCES

- Material: https://github.com/LeonardoE95/yt-en/tree/main/src/2024-03-09-web-exploitation-directory-traversal
- SecureBank: https://github.com/ssrdio/SecureBank
- DVWA code: https://github.com/LeonardoE95/DVWA
- Burp Suite Community Edition: https://portswigger.net/burp/communitydownload
- OSCP repository: https://github.com/LeonardoE95/OSCP


-------------------------

CONTACTS

- Blog: https://blog.leonardotamiano.xyz/
- GitHub: https://github.com/LeonardoE95?tab=repositories
- Support: https://www.paypal.com/donate/?hosted_button_id=T49GUPRXALYTQ