🚨 FreePBX SQL Injection & RCE (CVE-2025-57819): I built a safe, read-only checker.
Over the weekend I analyzed a critical SQLi path in a FreePBX AJAX endpoint on a test environment and confirmed which parameters are vulnerable. The result: a compact FreePBX SQL Injection Checker that safely tells you whether your PBX could be at risk of RCE and full server compromise - without writing to the database.
What’s inside?
▪️ Read-only diagnostics (error/boolean/time-based).
▪️ Focus on potential vulnerable parameters in /admin/ajax.php.
▪️ Clear per-parameter verdicts + JSON report for CI/IR.
▪️ Proxy-friendly (Burp/ZAP), easy to noscript, easy to review.
Why it matters?
Unpatched SQLi on an Internet-exposed PBX is a straight line to RCE => call interception, credential theft, lateral movement, and full business impact.
Get it here:
👉 GitHub: https://github.com/xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
Use it only on systems you own or are authorized to test. Feedback and PRs welcome!
Over the weekend I analyzed a critical SQLi path in a FreePBX AJAX endpoint on a test environment and confirmed which parameters are vulnerable. The result: a compact FreePBX SQL Injection Checker that safely tells you whether your PBX could be at risk of RCE and full server compromise - without writing to the database.
What’s inside?
▪️ Read-only diagnostics (error/boolean/time-based).
▪️ Focus on potential vulnerable parameters in /admin/ajax.php.
▪️ Clear per-parameter verdicts + JSON report for CI/IR.
▪️ Proxy-friendly (Burp/ZAP), easy to noscript, easy to review.
Why it matters?
Unpatched SQLi on an Internet-exposed PBX is a straight line to RCE => call interception, credential theft, lateral movement, and full business impact.
Get it here:
👉 GitHub: https://github.com/xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
Use it only on systems you own or are authorized to test. Feedback and PRs welcome!
GitHub
GitHub - xV4nd3Rx/CVE-2025-57819_FreePBX-PoC: Safe, read-only SQL Injection checker for FreePBX (CVE-2025-57819), using error/boolean/time…
Safe, read-only SQL Injection checker for FreePBX (CVE-2025-57819), using error/boolean/time-based techniques with per-parameter verdicts and JSON reporting. - xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
👍1🔥1
🚨 FreePBX SQLi & RCE (CVE-2025-57819) - v1.1.0 Updated!
Read-only checker update: multi-host scans + structured output for fast CI/IR.
Usage:
🗂️ -L / --list - scan hosts from a .txt (one per line, # = comment)
📄 Per-host JSON reports → out/ (--out-dir)
🔴 vulnerable.txt - quick list of vulnerable hosts + params
⏱️ --delay - pause between hosts (default 1.5s)
🛡️ Read-only checks (error/boolean/time-based). Proxy-friendly (Burp/ZAP).
Get it here:
👉 GitHub:
🔗 https://github.com/xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
Read-only checker update: multi-host scans + structured output for fast CI/IR.
Usage:
🗂️ -L / --list - scan hosts from a .txt (one per line, # = comment)
📄 Per-host JSON reports → out/ (--out-dir)
🔴 vulnerable.txt - quick list of vulnerable hosts + params
⏱️ --delay - pause between hosts (default 1.5s)
🛡️ Read-only checks (error/boolean/time-based). Proxy-friendly (Burp/ZAP).
Get it here:
👉 GitHub:
🔗 https://github.com/xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
GitHub
GitHub - xV4nd3Rx/CVE-2025-57819_FreePBX-PoC: Safe, read-only SQL Injection checker for FreePBX (CVE-2025-57819), using error/boolean/time…
Safe, read-only SQL Injection checker for FreePBX (CVE-2025-57819), using error/boolean/time-based techniques with per-parameter verdicts and JSON reporting. - xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
🔥4
🚀 Kali Linux 2025.3 Released - New Tools & Wi-Fi Enhancements
The latest update to Kali Linux is here, bringing powerful new tools, Wi-Fi improvements, and NetHunter updates.
🔧 What’s New
• 10 new tools: Caido, DiE, Gemini CLI, krbrelayx, ligolo-mp, llm-tools-nmap, mcp-kali-server, patchleaks, vwifi-dkms, and more.
• Wi-Fi & Nexmon: Expanded support for Broadcom/Cypress chips with monitor & injection modes.
• Kali NetHunter: New device support (Samsung S10), CARsenal improvements, UI fixes.
• Xfce VPN panel: More flexible IP copy options.
• ARMel dropped, Magisk kernel modules added (experimental).
🔄 How to Update
For those updating from a previous version, you can use the following commands to upgrade to the latest version.
The latest update to Kali Linux is here, bringing powerful new tools, Wi-Fi improvements, and NetHunter updates.
🔧 What’s New
• 10 new tools: Caido, DiE, Gemini CLI, krbrelayx, ligolo-mp, llm-tools-nmap, mcp-kali-server, patchleaks, vwifi-dkms, and more.
• Wi-Fi & Nexmon: Expanded support for Broadcom/Cypress chips with monitor & injection modes.
• Kali NetHunter: New device support (Samsung S10), CARsenal improvements, UI fixes.
• Xfce VPN panel: More flexible IP copy options.
• ARMel dropped, Magisk kernel modules added (experimental).
🔄 How to Update
For those updating from a previous version, you can use the following commands to upgrade to the latest version.
echo "deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" | sudo tee /etc/apt/sources.list
sudo apt update && sudo apt -y full-upgrade
cp -vrbi /etc/skel/. ~/
[ -f /var/run/reboot-required ] && sudo reboot -f
🔥3❤1
CorsairAPI - async, OpenAPI-aware recon & payload generator for APIs.
It auto-discovers Swagger/OpenAPI, parses robots/sitemap, probes subdomains, and exports clean artifacts (results.csv, oas_endpoints.txt, oas_payloads.jsonl) for Burp/ZAP or pipelines.
Why it’s handy?
🔎 Smart discovery (OpenAPI, HTML hints, robots/sitemap)
⚙️ Modes: stealth / medium / aggressive
🤖 Interactive setup (mode, UA, depth) or pure CLI
🧪 Schema-driven request/payload generation
📊 CSV now logs findings even with depth=0 (incl. found tags)
Get it here 👉 https://github.com/xV4nd3Rx/CorsairAPI
Stars & feedback welcome! ⭐
It auto-discovers Swagger/OpenAPI, parses robots/sitemap, probes subdomains, and exports clean artifacts (results.csv, oas_endpoints.txt, oas_payloads.jsonl) for Burp/ZAP or pipelines.
Why it’s handy?
🔎 Smart discovery (OpenAPI, HTML hints, robots/sitemap)
⚙️ Modes: stealth / medium / aggressive
🤖 Interactive setup (mode, UA, depth) or pure CLI
🧪 Schema-driven request/payload generation
📊 CSV now logs findings even with depth=0 (incl. found tags)
Get it here 👉 https://github.com/xV4nd3Rx/CorsairAPI
Stars & feedback welcome! ⭐
🔥3⚡1
Metasploit Weekly Wrap-Up - Sep 26, 2025
🧩 Cron Persistence refresh - cron-based persistence now aligned with the new persistence mixin (multi/persistence/cron). Cleaner internals, same effect.
🔥 FreePBX /admin/ajax.php SQLi → RCE (CVE-2025-57819) - new module (unix/http/freepbx_unauth_sqli_to_rce) abuses SQLi to write a cron job for code execution. Auth bypass + SQLi chain, wide impact on v15/16/17. Patch fast.
Update with msfupdate and read the full wrap-up here 👉 https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-09-26-2025
🧩 Cron Persistence refresh - cron-based persistence now aligned with the new persistence mixin (multi/persistence/cron). Cleaner internals, same effect.
🔥 FreePBX /admin/ajax.php SQLi → RCE (CVE-2025-57819) - new module (unix/http/freepbx_unauth_sqli_to_rce) abuses SQLi to write a cron job for code execution. Auth bypass + SQLi chain, wide impact on v15/16/17. Patch fast.
Update with msfupdate and read the full wrap-up here 👉 https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-09-26-2025
🔥4⚡1👏1
🚩 The Huntress CTF is back!
🕵️♀️ Now in its third year, the competition runs October 1 – October 31 with new challenges every single day.
💻 Free to play. Register anytime — even while the game is live!
⏳ Play at your own pace, whenever you want.
🔗 Sign up here: ctf.huntress.com
🕵️♀️ Now in its third year, the competition runs October 1 – October 31 with new challenges every single day.
💻 Free to play. Register anytime — even while the game is live!
⏳ Play at your own pace, whenever you want.
🔗 Sign up here: ctf.huntress.com
❤3👍2🔥2
🚨 Break into Cybersecurity for FREE 🚨
Want to become a SOC Analyst but don’t know where to start?
Here are free certifications & learning paths to kickstart your career ⬇️
✅ Cisco – Security Operations Center (SOC)
✅ Cisco – Junior Cybersecurity Analyst
✅ TryHackMe – SOC Level 1
✅ LetsDefend – SOC Analyst Learning Path
✅ Splunk – Free training on monitoring & SIEM
No excuses now – these resources can help you build real SOC skills without spending a money 💸
📌 Save this list & start your SOC journey today.
Want to become a SOC Analyst but don’t know where to start?
Here are free certifications & learning paths to kickstart your career ⬇️
✅ Cisco – Security Operations Center (SOC)
✅ Cisco – Junior Cybersecurity Analyst
✅ TryHackMe – SOC Level 1
✅ LetsDefend – SOC Analyst Learning Path
✅ Splunk – Free training on monitoring & SIEM
No excuses now – these resources can help you build real SOC skills without spending a money 💸
📌 Save this list & start your SOC journey today.
❤3🔥3👏1
📢FREE COMPTIA EXAM VOUCHER!📢
CompTIA launched a new certification (CompTIA SecAI+) and is offering FREE vouchers for those that qualify.
Domains & weights:
1) Basic AI Concepts Related to Cyber — 17%
2) Securing AI Systems — 40%
3) AI-assisted Security — 24%
4) AI Governance, Risk & Compliance — 19%
✅ Check eligibility and register here: https://lnkd.in/diQcCAn4
If you qualify, take, and pass the beta exam, you will earn the new CompTIA SecAI+ certification at no cost.
📅 Take the beta exam by October 17, 2025, to receive an incentive.
⏳ The beta exam period ends on October 31, 2025.
CompTIA launched a new certification (CompTIA SecAI+) and is offering FREE vouchers for those that qualify.
Domains & weights:
1) Basic AI Concepts Related to Cyber — 17%
2) Securing AI Systems — 40%
3) AI-assisted Security — 24%
4) AI Governance, Risk & Compliance — 19%
✅ Check eligibility and register here: https://lnkd.in/diQcCAn4
If you qualify, take, and pass the beta exam, you will earn the new CompTIA SecAI+ certification at no cost.
📅 Take the beta exam by October 17, 2025, to receive an incentive.
⏳ The beta exam period ends on October 31, 2025.
🤝3❤2👏1
⚠️ New Free Learning path: NoSQL injection ⚠️
This learning path covers the detection, exploitation, and prevention of NoSQL injection vulnerabilities.
You’ll learn:
🔶 The core principles behind NoSQL injection and the different types of attacks.
🔶 How to perform both syntax and operator injection to read and manipulate data.
🔶 How to extract data from a database after you've successfully injected a query.
🔶 How to use timing-based injection to find vulnerabilities when a server doesn't provide a direct response.
🔶 Learning to secure your applications against these types of attacks.
Begin your journey: https://portswigger.net/web-security/learning-paths/nosql-injection
This learning path covers the detection, exploitation, and prevention of NoSQL injection vulnerabilities.
You’ll learn:
🔶 The core principles behind NoSQL injection and the different types of attacks.
🔶 How to perform both syntax and operator injection to read and manipulate data.
🔶 How to extract data from a database after you've successfully injected a query.
🔶 How to use timing-based injection to find vulnerabilities when a server doesn't provide a direct response.
🔶 Learning to secure your applications against these types of attacks.
Begin your journey: https://portswigger.net/web-security/learning-paths/nosql-injection
✍2❤2👏1
It's Cybersecurity Awareness Month — how will you train your team: phishing sims, tabletop drills, or live exercises? 🛡️✨
🔹 GoPhish — lightweight, open-source phishing campaign server for quick training. (https://getgophish.com)
🔸 Evilginx — phishing-proxy (https://github.com/kgretzky/evilginx2).
🔹 King Phisher — campaign management + tracking for advanced internal tests. (https://github.com/rsmusllp/king-phisher)
🔸 Social-Engineer Toolkit (SET) — social-engineering framework with phishing templates. (https://github.com/trustedsec/social-engineer-toolkit)
⚠️ Use only with explicit authorization, legal approval, and an incident-response plan.
🔹 GoPhish — lightweight, open-source phishing campaign server for quick training. (https://getgophish.com)
🔸 Evilginx — phishing-proxy (https://github.com/kgretzky/evilginx2).
🔹 King Phisher — campaign management + tracking for advanced internal tests. (https://github.com/rsmusllp/king-phisher)
🔸 Social-Engineer Toolkit (SET) — social-engineering framework with phishing templates. (https://github.com/trustedsec/social-engineer-toolkit)
⚠️ Use only with explicit authorization, legal approval, and an incident-response plan.
😁2👍1