CVE-2024-52301: Improper Input Validation in Laravel Framework, 8.7 rating❗️
The vulnerability allows an attacker to change environment using a special crafted query string.
More then 830k instances at Netlas.io:
👉 Link: https://nt.ls/CDJgv
👉 Dork: http.headers.set_cookie:"laravel_session="
Vendor's advisory: https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
The vulnerability allows an attacker to change environment using a special crafted query string.
More then 830k instances at Netlas.io:
👉 Link: https://nt.ls/CDJgv
👉 Dork: http.headers.set_cookie:"laravel_session="
Vendor's advisory: https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
❤3👍3🔥1
Hey everyone! 🎉
A big, warm welcome to all our new members! 💕 And to our amazing long-time supporters, thank you for sticking around and making this community what it is today! 🙌
If you’ve been finding value in the bug bounty updates, cybersecurity tips, and job opportunities I share, I’d truly appreciate your support. ⭐ You can boost or give a star to Brut Security—it keeps me motivated to keep delivering the best content for you all! 💻🔒
Thanks for being such an incredible community. Your encouragement means everything!❤️ 💟
A big, warm welcome to all our new members! 💕 And to our amazing long-time supporters, thank you for sticking around and making this community what it is today! 🙌
If you’ve been finding value in the bug bounty updates, cybersecurity tips, and job opportunities I share, I’d truly appreciate your support. ⭐ You can boost or give a star to Brut Security—it keeps me motivated to keep delivering the best content for you all! 💻🔒
Thanks for being such an incredible community. Your encouragement means everything!
Please open Telegram to view this post
VIEW IN TELEGRAM
1❤9🔥2
"http://target.com" send_keys
"http://target.com" password
"http://target.com" api_key
"http://target.com" apikey
"http://target.com" jira_password
"http://target.com" root_password
"http://target.com" access_token
"http://target.com" config
"http://target.com" client_secret
"http://target.com" user auth
Please open Telegram to view this post
VIEW IN TELEGRAM
Target
Target : Expect More. Pay Less.
Shop Target online and in-store for everything from groceries and essentials to clothing and electronics. Choose contactless pickup or delivery today.
👍13🔥6❤2
It’s been a while! How’s everyone doing? Let me know what resources you need in cybersecurity. Please note, no requests for pirated material.
🔥7👍1
Please open Telegram to view this post
VIEW IN TELEGRAM
1👍12❤6🔥1
⚠️ S3 Bucket Recon ⚠️
Source : https://github.com/securitycipher/awsome-websecurity-checklist/blob/main/Mindmaps/S3-Bucket%20Recon.png
Source : https://github.com/securitycipher/awsome-websecurity-checklist/blob/main/Mindmaps/S3-Bucket%20Recon.png
GitHub
awsome-websecurity-checklist/Mindmaps/S3-Bucket Recon.png at main · securitycipher/awsome-websecurity-checklist
Contribute to securitycipher/awsome-websecurity-checklist development by creating an account on GitHub.
👍7
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
❤8👍1
BGPView for Reconnaissance
- Get ASN Information
- Enumerate IP Prefixes for an ASN
- Retrieve IP Address Details
- Search ASN, IP, or Domain Together
- Upstreams
- Upstreams [ IPv4 ]
- Upstreams [ IPv6 ]
- All Peers
- Extract ASN Prefixes with Peer Details
- Downstreams
- Subdomain Enumeration from ASN
- Query ASN by Organization Name
© Yasin
- Get ASN Information
curl -s "https://api.bgpview.io/asn/AS12345" | jq
- Enumerate IP Prefixes for an ASN
curl -s "https://api.bgpview.io/asn/AS12345/prefixes" | jq '.data.ipv4_prefixes[] | .prefix'
- Retrieve IP Address Details
curl -s "https://api.bgpview.io/ip/8.8.8.8" | jq
- Search ASN, IP, or Domain Together
curl -s "https://api.bgpview.io/search?query=example.com" | jq '.data'
- Upstreams
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq
- Upstreams [ IPv4 ]
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq '.data.ipv4_upstreams[] | {asn, name, denoscription, country: .country_code}'
- Upstreams [ IPv6 ]
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq '.data.ipv6_upstreams[] | {asn, name, denoscription, country: .country_code}'
- All Peers
curl -s "https://api.bgpview.io/asn/AS12345/peers" | jq '[.data.ipv4_peers[], .data.ipv6_peers[]] | map({asn, name, denoscription, country: .country_code})'
- Extract ASN Prefixes with Peer Details
curl -s "https://api.bgpview.io/asn/AS12345/peers" | jq '[.data.ipv4_peers[], .data.ipv6_peers[]] | map({asn, name, denoscription, country: .country_code, prefix: .prefix})'
- Downstreams
curl -s "https://api.bgpview.io/asn/AS12345/downstreams" | jq
- Subdomain Enumeration from ASN
curl -s "https://api.bgpview.io/asn/AS12345/prefixes"
dig -x $prefix
done
- Query ASN by Organization Name
curl -s "https://api.bgpview.io/search?query=google" | jq '.data.asns[] | {asn, name, denoscription}'
Please open Telegram to view this post
VIEW IN TELEGRAM
👍12🐳4❤2
CVE-2024-52052, -053, -054, -055, -056: Multiple vulnerabilitites in Wowza Streaming Engine, 5.1 - 9.4 rating 🔥
Five recent vulnerabilities we almost missed. RCE, stored XSS, file read, file write, and folder deletion - vulnerabilities for every taste!
Search at Netlas.io:
👉 Link: https://nt.ls/8BudC
👉 Dork: http.favicon.hash_sha256:3641ed4d68a0362f1ef45069584a71b0940acfcdb6abf8c13b8fc29837160a81 OR http.headers.server:"WowzaStreamingEngine"
Read more: https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/
Five recent vulnerabilities we almost missed. RCE, stored XSS, file read, file write, and folder deletion - vulnerabilities for every taste!
Search at Netlas.io:
👉 Link: https://nt.ls/8BudC
👉 Dork: http.favicon.hash_sha256:3641ed4d68a0362f1ef45069584a71b0940acfcdb6abf8c13b8fc29837160a81 OR http.headers.server:"WowzaStreamingEngine"
Read more: https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/
👍1
This media is not supported in your browser
VIEW IN TELEGRAM
1. Go to
chrome://extensions2. Turn on Developer mode
3. Copy the extension ID
4. Go to
~/Library/Application Support/Google/Chrome/Default/Extensions5. Find the matching
ID then find the manifest.json file!Please open Telegram to view this post
VIEW IN TELEGRAM
👍7
CVE-2024-8932, -8929, -11233, -11236, -11234: Multiple vulnerabilities in PHP, 4.8 - 9.8 rating 🔥
Five vulnerabilities in some PHP versions, which allowing attackers to leak sensitive information, execute arbitrary code, or launch DoS attacks.
More then 700k instances at Netlas.io:
👉 Link 1 (tag, more precisely): https://nt.ls/yIHH8
👉 Dork: tag.php.version:(>=8.1.0 AND <8.1.31) OR tag.php.version:(>=8.2.0 AND <8.2.26) OR tag.php.version:(>=8.3.0 AND <8.3.14)
👉 Link 2 (not tag, all PHP instances): https://nt.ls/9GJlg
👉 Dork: http.headers.x_powered_by:"php" OR http.headers.set_cookie:"PHPSESSID" OR http.headers.server:"PHP"
Vendor's advisories: https://github.com/php/php-src/security
Five vulnerabilities in some PHP versions, which allowing attackers to leak sensitive information, execute arbitrary code, or launch DoS attacks.
More then 700k instances at Netlas.io:
👉 Link 1 (tag, more precisely): https://nt.ls/yIHH8
👉 Dork: tag.php.version:(>=8.1.0 AND <8.1.31) OR tag.php.version:(>=8.2.0 AND <8.2.26) OR tag.php.version:(>=8.3.0 AND <8.3.14)
👉 Link 2 (not tag, all PHP instances): https://nt.ls/9GJlg
👉 Dork: http.headers.x_powered_by:"php" OR http.headers.set_cookie:"PHPSESSID" OR http.headers.server:"PHP"
Vendor's advisories: https://github.com/php/php-src/security
👍3❤2
Black Friday & Cyber Monday Discount at Netlas 🎉
Take advantage of our exclusive Black Friday & Cyber Monday deal: 20% off Freelancer and Business subnoscriptions for both monthly and annual billing cycles!
The best part? This isn’t just a one-time discount – it’s your forever price as long as your subnoscription remains active or until base prices are reconsidered 🔥
All you need to claim your forever discount is the code: BFCM2024.
👉 Learn more here: https://nt.ls/2WiQ0
Take advantage of our exclusive Black Friday & Cyber Monday deal: 20% off Freelancer and Business subnoscriptions for both monthly and annual billing cycles!
The best part? This isn’t just a one-time discount – it’s your forever price as long as your subnoscription remains active or until base prices are reconsidered 🔥
All you need to claim your forever discount is the code: BFCM2024.
👉 Learn more here: https://nt.ls/2WiQ0
👍2❤1🐳1