In Forgot from HackTheBox, I'll need to exploit an insecure use of TensorFlow. There's a CVE that does the same exploitation, and I want to see what the vulnerable code looks like. As a beginner, looking at GitHub for a large open-source project can be intimidating. I'll show how to find the code we're looking for a couple of ways, and find where it was patched to fix the default vulnerable behavior.
#pentest #ctf #bugbounty
Forgot blog post: https://0xdf.gitlab.io/2023/03/04/htb...
[00:00] Introduction
[00:44] Googling function, finding CVE
[01:23] CVE-2022-29216 advisory
[02:12] Finding function in source
[03:45] Looking at function
[06:06] eval vs ast.literal_eval
[07:05] Finding code within project
Video: Using GitHub to Look at Source for a CVE [HackTheBox - Forgot]. Added by user 0xdf on 04 March 2023; viewed 955 times and liked by 62 people on this site.