🚨 FreePBX SQL Injection & RCE (CVE-2025-57819): I built a safe, read-only checker.
Over the weekend I analyzed a critical SQLi path in a FreePBX AJAX endpoint on a test environment and confirmed which parameters are vulnerable. The result: a compact FreePBX SQL Injection Checker that safely tells you whether your PBX could be at risk of RCE and full server compromise - without writing to the database.
What’s inside?
▪️ Read-only diagnostics (error/boolean/time-based).
▪️ Focus on potentially vulnerable parameters in /admin/ajax.php.
▪️ Clear per-parameter verdicts + JSON report for CI/IR.
▪️ Proxy-friendly (Burp/ZAP), easy to script, easy to review.
Why it matters:
Unpatched SQLi on an Internet-exposed PBX is a straight line to RCE => call interception, credential theft, lateral movement, and full business impact.
Get it here:
👉 GitHub: https://github.com/xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
Use it only on systems you own or are authorized to test. Feedback and PRs welcome!
🚨 FreePBX SQLi & RCE (CVE-2025-57819) - v1.1.0 Updated!
Read-only checker update: multi-host scans + structured output for fast CI/IR.
Usage:
🗂️ -L / --list - scan hosts from a .txt (one per line, # = comment)
📄 Per-host JSON reports → out/ (--out-dir)
🔴 vulnerable.txt - quick list of vulnerable hosts + params
⏱️ --delay - pause between hosts (default 1.5s)
🛡️ Read-only checks (error/boolean/time-based). Proxy-friendly (Burp/ZAP).
Get it here:
👉 GitHub:
🔗 https://github.com/xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
🚀 Kali Linux 2025.3 Released - New Tools & Wi-Fi Enhancements
The latest update to Kali Linux is here, bringing powerful new tools, Wi-Fi improvements, and NetHunter updates.
🔧 What’s New
• 10 new tools: Caido, DiE, Gemini CLI, krbrelayx, ligolo-mp, llm-tools-nmap, mcp-kali-server, patchleaks, vwifi-dkms, and more.
• Wi-Fi & Nexmon: Expanded support for Broadcom/Cypress chips with monitor & injection modes.
• Kali NetHunter: New device support (Samsung S10), CARsenal improvements, UI fixes.
• Xfce VPN panel: More flexible IP copy options.
• ARMel dropped, Magisk kernel modules added (experimental).
🔄 How to Update
For those updating from a previous version, you can use the following commands to upgrade to the latest version.
# Point apt at the kali-rolling repository (overwrites /etc/apt/sources.list)
echo "deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" | sudo tee /etc/apt/sources.list
# Refresh package lists and upgrade everything, including new dependencies
sudo apt update && sudo apt -y full-upgrade
# Copy updated skeleton dotfiles into your home directory, backing up and prompting on conflicts
cp -vrbi /etc/skel/. ~/
# Reboot only if the upgrade flagged that a reboot is required
[ -f /var/run/reboot-required ] && sudo reboot -f
CorsairAPI - async, OpenAPI-aware recon & payload generator for APIs.
It auto-discovers Swagger/OpenAPI, parses robots/sitemap, probes subdomains, and exports clean artifacts (results.csv, oas_endpoints.txt, oas_payloads.jsonl) for Burp/ZAP or pipelines.
Why it’s handy:
🔎 Smart discovery (OpenAPI, HTML hints, robots/sitemap)
⚙️ Modes: stealth / medium / aggressive
🤖 Interactive setup (mode, UA, depth) or pure CLI
🧪 Schema-driven request/payload generation
📊 CSV now logs findings even with depth=0 (incl. found tags)
Get it here 👉 https://github.com/xV4nd3Rx/CorsairAPI
Stars & feedback welcome! ⭐
Metasploit Weekly Wrap-Up - Sep 26, 2025
🧩 Cron Persistence refresh - cron-based persistence now aligned with the new persistence mixin (multi/persistence/cron). Cleaner internals, same effect.
🔥 FreePBX /admin/ajax.php SQLi → RCE (CVE-2025-57819) - new module (unix/http/freepbx_unauth_sqli_to_rce) abuses SQLi to write a cron job for code execution. Auth bypass + SQLi chain, wide impact on v15/16/17. Patch fast.
Update with msfupdate and read the full wrap-up here 👉 https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-09-26-2025
🚩 The Huntress CTF is back!
🕵️♀️ Now in its third year, the competition runs October 1 – October 31 with new challenges every single day.
💻 Free to play. Register anytime — even while the game is live!
⏳ Play at your own pace, whenever you want.
🔗 Sign up here: ctf.huntress.com
🚨 Break into Cybersecurity for FREE 🚨
Want to become a SOC Analyst but don’t know where to start?
Here are free certifications & learning paths to kickstart your career ⬇️
✅ Cisco – Security Operations Center (SOC)
✅ Cisco – Junior Cybersecurity Analyst
✅ TryHackMe – SOC Level 1
✅ LetsDefend – SOC Analyst Learning Path
✅ Splunk – Free training on monitoring & SIEM
No excuses now – these resources can help you build real SOC skills without spending any money 💸
📌 Save this list & start your SOC journey today.
📢FREE COMPTIA EXAM VOUCHER!📢
CompTIA launched a new certification (CompTIA SecAI+) and is offering FREE vouchers for those who qualify.
Domains & weights:
1) Basic AI Concepts Related to Cyber — 17%
2) Securing AI Systems — 40%
3) AI-assisted Security — 24%
4) AI Governance, Risk & Compliance — 19%
✅ Check eligibility and register here: https://lnkd.in/diQcCAn4
If you qualify and then take and pass the beta exam, you will earn the new CompTIA SecAI+ certification at no cost.
📅 Take the beta exam by October 17, 2025, to receive an incentive.
⏳ The beta exam period ends on October 31, 2025.
⚠️ New Free Learning path: NoSQL injection ⚠️
This learning path covers the detection, exploitation, and prevention of NoSQL injection vulnerabilities.
You’ll learn:
🔶 The core principles behind NoSQL injection and the different types of attacks.
🔶 How to perform both syntax and operator injection to read and manipulate data.
🔶 How to extract data from a database after you've successfully injected a query.
🔶 How to use timing-based injection to find vulnerabilities when a server doesn't provide a direct response.
🔶 Learning to secure your applications against these types of attacks.
Begin your journey: https://portswigger.net/web-security/learning-paths/nosql-injection
It's Cybersecurity Awareness Month — how will you train your team: phishing sims, tabletop drills, or live exercises? 🛡️✨
🔹 GoPhish — lightweight, open-source phishing campaign server for quick training. (https://getgophish.com)
🔸 Evilginx — phishing-proxy (https://github.com/kgretzky/evilginx2).
🔹 King Phisher — campaign management + tracking for advanced internal tests. (https://github.com/rsmusllp/king-phisher)
🔸 Social-Engineer Toolkit (SET) — social-engineering framework with phishing templates. (https://github.com/trustedsec/social-engineer-toolkit)
⚠️ Use only with explicit authorization, legal approval, and an incident-response plan.
Interesting article, I recommend reading it. Incidentally, my first accepted bug on BugBounty was about CORS.
“My amma always said “Don’t talk to strangers from different neighborhoods!” but these web applications were having full conversations with anyone who asked! 😂”
Get it here 👉 https://infosecwriteups.com/cors-misadventures-how-misconfigured-origins-turned-me-into-an-accidental-admin-2107aa1768d6
🚀 Hidden API Endpoints — The Hacker’s Shortcut
Every major platform hides forgotten or undocumented APIs - and that’s where attackers often strike first. These silent endpoints can expose sensitive data, bypass authentication, or open full admin access.
🔍 Key takeaways:
• Hidden APIs = attack surface.
• Often left unmonitored, unpatched, or exposed via staging/dev systems.
• Security through obscurity never works.
⚔️ Defensive checklist:
1. Inventory all API endpoints (including shadow & internal).
2. Enforce auth + rate limiting everywhere.
3. Audit logs for unknown request paths.
4. Automate API discovery in recon pipelines.
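One way to put checklist items 1 and 3 into practice, as an added example that is not from the linked article: match every request in an access log against an inventory of documented endpoints written as OpenAPI-style path templates, and report the method/path pairs that fall outside it. The endpoint inventory and the log lines are constructed for this example.

```python
import re

# Constructed inventory of documented endpoints for a hypothetical API,
# as (method, OpenAPI-style template). "{id}" matches one path segment.
INVENTORY = {
    ("GET", "/api/v1/users"),
    ("GET", "/api/v1/users/{id}"),
    ("POST", "/api/v1/orders"),
    ("GET", "/api/v1/orders/{id}"),
}

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Oct/2025:10:00:01 +0000] "GET /api/v1/users/42 HTTP/1.1" 200 512
10.0.0.5 - - [01/Oct/2025:10:00:02 +0000] "GET /api/v1/users HTTP/1.1" 200 2048
10.0.0.9 - - [01/Oct/2025:10:00:03 +0000] "GET /api/v1/admin/export HTTP/1.1" 200 91201
10.0.0.9 - - [01/Oct/2025:10:00:04 +0000] "DELETE /api/v1/users/42 HTTP/1.1" 403 0
10.0.0.9 - - [01/Oct/2025:10:00:05 +0000] "GET /api/v2/debug/config?verbose=1 HTTP/1.1" 200 4410
"""

# client, method, request target and status code from a combined-format line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def template_to_regex(template: str) -> re.Pattern:
    """Escape literal segments; each {param} becomes one non-empty segment."""
    parts = ["[^/]+" if seg.startswith("{") else re.escape(seg)
             for seg in template.split("/")]
    return re.compile("^" + "/".join(parts) + "$")


COMPILED = [(method, template_to_regex(tpl)) for method, tpl in INVENTORY]


def is_documented(method: str, path: str) -> bool:
    # Method-aware: a known path with an unlisted verb is still unknown.
    return any(m == method and rx.match(path) for m, rx in COMPILED)


def find_unknown_paths(log_text: str) -> list:
    """Return (client, method, path, status) for requests not in the inventory."""
    unknown = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # drop the query string before matching
        if not is_documented(method, path):
            unknown.append((client, method, path, status))
    return unknown
```

Unknown paths that return 2xx deserve the first look, since they are reachable endpoints missing from the inventory; a 4xx on an unlisted verb is still worth keeping as evidence of probing.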
Read full breakdown 👉 thehackerslog.substack.com/p/hidden-api-endpoints-the-hackers
#BugBounty #APIsecurity #Infosec #Recon
💥 YOU CAN NOT MISS THIS! GIVEAWAY! 💥
👉 Certified Offensive Security Junior (COSJ)
RedOps Academy has made their course FREE for 24 hours!
All enrolled students will enjoy lifetime access — so you can keep learning and revisiting the labs anytime.
🤖 Add Gemini CLI to Your Kali Linux Terminal to Automate Penetration Testing Tasks 🤖
👉 Feel free to use! 👈
With the release of Kali Linux 2025.3, a major update introduces an innovative tool that combines artificial intelligence and cybersecurity: the Gemini Command-Line Interface (CLI).
This new open-source package integrates Google's powerful Gemini AI directly into the terminal, offering penetration testers and security professionals an intelligent assistant designed to streamline and automate complex security workflows.
🛠️ Installation 🛠️
#kali_linux #pentest_os #red_team
