Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites

A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution (RCE) without the need for prior access to a privileged account.
The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported to the MyBB Team on February 22, following which it released an update (version 1.8.26) on March 10 addressing the issues.

CVE-2021-27889 - persistent XSS vulnerability enabling any unprivileged forum user to embed stored XSS payloads into threads, posts, and even private messages.

CVE-2021-27890 - SQL injection in a forum's theme manager that could result in an authenticated RCE.

CVE-2021-27946 - Improper validation of the number of votes in thread poll options, leading to SQL injection

CVE-2021-27947 - Improper sanitization of certain forum data, causing SQL injection when used in subsequent queries

CVE-2021-27948 - Additional User Groups ID numbers can be saved without proper validation in the Admin Control Panel, resulting in SQL injection, and

CVE-2021-27949 - A reflected XSS vulnerability in custom Moderator Tools, when user input attached to CSRF token-protected POST requests is not properly sanitized

https://thehackernews.com/2021/03/critical-rce-flaw-reported-in-mybb.html

@Phantasm_Lab

SYNTHWAVE by XLM555
#dark #red #purple

Sci-Fi by @DMJ_Themes
#dark #blue #pink #planets #themechallenge

The Hacker Wars takes you to the front lines of the high-stakes battle over the fate of the Internet, freedom and privacy.

🕴🏼 @Phantasm_Lab

The Hacker Wars leva você até a linha de frente da batalha de alto risco sobre o destino da Internet, liberdade e privacidade.

🕴🏼 @Phantasm_Lab

Security Talks

A place to agroup and organize lectures from security conferences around the world

https://news.1rj.ru/str/SecTalks

Bypassing Web Application Firewall Part 1
https://medium.com/@iratoon/bypassing-web-application-firewall-part-1-3cfd7a1b1159

Bypassing Web Application Firewall Part 2
https://medium.com/@iratoon/bypassing-web-application-firewall-part-2-269470e0c40b

Bypassing Web Application Firewall Part 3
https://medium.com/@iratoon/bypassing-web-application-firewall-part-3-521fd66a6422

Bypassing Web Application Firewall Part 4
https://medium.com/@iratoon/bypassing-web-application-firewall-part-4-862e9929e350

⚡⚡ Ccobalt Strike 4.3 [bug fix] + Toolkits 2021⚡⚡

SHA256 hash of cobaltstrike.jar:

c3c243e6218f7fbaaefb916943f500722644ec396cf91f31a30c777c2d559465 Cobalt Strike 4.3 Licensed


📩 DM If you are interested to Cobalt Strike 4.3 @anoneghost

🎥 Watch Video Demo :
https://vimeo.com/526671360

Ataques contra servidores Microsoft Exchange crescem 1028% em uma semana

Depois do descobrimento de quatro vulnerabilidades de dia zero no Microsoft Exchange, no começo deste mês, o número de tentativas de ataques às empresas clientes da ferramenta aumentou 1028%, indo de 700 na primeira semana, para 7.200 na segunda semana de março, informa a equipe de pesquisa da Check Point, fornecedora israelense de segurança da informação.

https://thehack.com.br/ataques-contra-servidores-microsoft-exchange-crescem-1028-em-uma-semana/

WhatsApp scam messages - what happens when you click on them
https://youtu.be/Dc7Y1fiZGuA

#Documentario #CyberCrime #Hackerville

Assista o documentário sobre cibercrime que apresenta a cidade romena chamada “Hackerville” ou a “Cidade mais perigosa da Internet”. Hackers blackhat condenados, como Guccifer (nome real), falam sobre worms, vírus, engenharia social, roubo de identidade e até sobre invadir o e-mail de Hillary Clinton.

https://m.youtube.com/watch?v=mJ0bN6Nq0PE

🕴 @Phantasm_Lab