Some time last year, I came across a Burp extension on Github that replicates the Invoke Applications functionality from OWASP ZAP in Burp. Since discovering this extension, it has become a very big part of my Burp workflow and probably one of the first extensions that I install on Burp. Surprisingly, I haven't seen anyone else using this extension and the Github project seems rather unknown to most people as well. The extension I am talking about is " burp-send-to " by "bytebutcher". PS: I couldn't find the original author of the extension on Twitter, if you know "bytebutcher", please reach out to me so that I can say thank you for their work on this and update their contact info. Bytebutcher contacted me via email :) Follow him on twitter and keep an eye for more awesome projects on his Github Lets see what this extension is all about! Core Idea If you use BurpSuite regularly, you are probably familiar with sending requests from one tool to ...
This is the story of how I was able to get remote code execution on Hubspot 's servers by exploiting a vulnerability in HubL expression language , which is used for creating templates and custom modules within the Hubspot CRM. I had absolutely no experience with these kinds of vulnerabilities before and it turned out to be a very interesting learning opportunity. In this post, I go through the process I followed while researching and how little pieces were connected together to achieve a much bigger goal. Getting started While working on the Hubspot's bugbounty program, I came across a functionality which looked very interesting. Users can create custom designs for emails or blogs from the design manager and can use HubL expression language in their templates. Because HubL is a markup language, I began with the payload {{7*7}} and got a nice '49' back which means the server was treating anything within two curly brackets as HubL code. Bear in mind, at...