Deploy Rails Application on Amazon Elastic Bean

First Sign into the consle of the Amazon Web Services (AWS) and

In the Navigation pane Select ElasticBean

Click on Applications and then on the Create Applicataion button and

Name the appliation and click on Create

The will create the Application

Now you need to Create the environment.

You need to select the Ruby version. I selected 2.6

It is must same as the the Ruby version in your local and the Ruby version on the AWS must be same otherwise it will fail while deploying

Also you need check the puma version it must also be that of the AWS.

The PUma version is mentioned in the GEM file of the Rails app.

. Leave the rest and now click on Create

Deploying the Application.

Go to your Local folder of the Rails project and run eb init on the root of the app. This will create ebbeanstalk environment folder

You will be prompted to use Code Commit Choose Yes

Then run git add

Then you will be prompted to create a repo . Create a new one

Then select the master branch as shown in the instructions

Now run git commit -m "First Commit"

At last run git push origin master.

select After the code is pushed run eb deploy.

That's it your App will be deployed.

Comments

$1337 YouTube Community (Posts) bug

YouTube Community is a feature that is only available for Channels with 1. Verified Phone numbers 2. A significant history, more content for years. In the early June I started hunting for Security flaws on YouTube I was roaming around the features but most of the places have been found secure or already potential features had the bugs fixes in place. The Community Tab is now Posts So, I thought to exploit Youtube Community feature. I was trying to delete the Posts using IDOR attacks but it didn't work I was tired of trying various attacks but thought to compromise to the least "Privilege escalation". The Security flaw... A user (victim) created a YT Community post, later an attacker while being an Admin of the same Channel has saved the HTTP Request that deletes a Community Post / Poll, then the attacker can replay that HTTP Request after he's demoted from Admin to Subtitle Editor that would delete the Post / Poll. I exploited this flaw I tried after 15 ...

Facebook Bug Bounty $$$$ : Crossposting Live Videos | Facebook Live

In the Facebook Page Settings, you could setup the option for Crossposting Live videos from other pages. The Attacker's page adds a Page (Victim's Page) for crossposting their videos Victim Page's Admin accepts the approval and the default option is Crossposting videos without further approval The Attacker starts live video and selects Victim's Page in the "Crosspost to more pages" Victim visits the Crossposting page in the Page settings and and removes Attacker's Page Attacker selects "Use camera" and clicks on "Go Live". The Victim's Page starts automatically crossposting the live video of Attacker, Bug Bounty of $500

Instagram Reels bug $$$$ Bug Bounty : Making users share unintented reels

This bug is categorised as IDOR. We all share Instagram reels with our friend via DM. Did you every try "Copy link" and share on mediums like WhatsApp or any similar apps ? When you do that, the generated Link would be of the below URL https://www.instagram.com/reels/<REEL_ID>?igsh=<Encrypted> The igsh in the Query params of URL is an encrypted string, that would get decrypted on the Instagram servers to the User's Profile ID. On clicking on the link, it would open the Instagram App and plays the reel and then an interruption will be by a popup like the below screenshot The Attack... Crafting the URL ... If you replace the <Reel_ID> (What the user intended to share) with a <Granphically_Sensitive_Content_REEL_ID> in the link and send it to users, when ever any user opens the link. It would show graphically sensitive content and then a Popup of the victim's profile. Though they didn't intend to share it. Report timeline...

Yaswanth Mangalagiri

Search This Blog