Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive the traffic from the vulnerable server.
I’ve generally been under the impression that my modern wasn’t worth worrying about, since it’s impossible to access via IP. Guess I have another thing to keep me awake at night.
One of the things I’ll never understand was why the attacker was replaying my traffic? They were clearly in my network and could access everything without being detected, why replay all the HTTP requests? So odd.
I’ve generally been under the impression that my modern wasn’t worth worrying about, since it’s impossible to access via IP. Guess I have another thing to keep me awake at night.
Was hoping to get an answer to this.