9Mar
I have access to companies internal files through SSRF and Path traversal both but want to leverage it further to website takeover
I have access to companies internal files through SSRF and Path traversal both but want to leverage it further to website takeover. Thus I can increase the impact and get more bounty then what they will pay now.
I have access to files like
/etc/passwd
/etc/hosts etc
similarly for SSRF - 127.0.0.1:22 , 127.0.0.1:25
this are the endpoints which I though might be sensitive and can give me info to takeover website.
is there anything more I should look for?
And they don't have any upload file or system where I can upload my .php shell, so its been days I am just stuck here:(