🚨CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript execution in PDF.js
👉A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain.
📢POC: https://www.youtube.com/watch?v=c90_UKJvj_w
📢POC: https://github.com/LOURC0D3/CVE-2024-4367-PoC
🔥3👍2
What are the Cybersecurity Risks of Mobile Banking Apps?
Anonymous Poll
Malware: 19%
App Vulnerabilities: 36%
Phishing Attacks: 28%
Man-in-the-Middle Attacks: 16%
This XSS Payload bypasses Imperva's Protection.
<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle=alert(origin)>
👍9
🚨Start your cybersecurity career with Brut Security
💥New Batch Starting From July 1st Week!!
💥Why Enroll?
Our course follows industry-standard curriculum, such as CEH by EC-Council, to ensure you gain the essential skills for a career in cybersecurity.
💥Got Questions?
Feel free to DM your queries on our WhatsApp: Chat with Us https://wa.me/918945971332
💥Here's what you'll learn:
Information Gathering
Social Engineering
System Hacking
Network Penetration Testing
Capture the Flag (CTF) Challenges
Basic Forensics
Web Penetration Testing (OWASP Top 10)
👉Course Curriculum: https://brutsec.com/Ethical_Hacking.pdf
💥Course Highlights:
1. International Standard Curriculum: Prepares you for entry-level cybersecurity roles.
2. Hands-On Learning: Practical exercises and real-world scenarios.
3. Community Support: Join our Telegram Community https://news.1rj.ru/str/brutsecurity for peer support and networking.
💥Link- https://nas.io/brutsecurity/ckub
💥Got Questions?
Feel free to DM your queries on our WhatsApp: Chat with Us https://wa.me/918945971332
#brutsecurity #ethicalhacking #cybersecurity
👍1🗿1
Brut Security
A little Automation used and the results are great💥
Simple things make it easier. Don't complicate your approach. If you're using automation, there is a 50/50 chance, plus you need luck, to get it triaged. The more time you devote to the program, the more results you'll get. So I would suggest to everyone: doing just automation is fine, but focusing on manual testing ends with good results.
❤🔥7👍2
I usually don't want to promote bug bounty much, because back in 2015 bug bounty was a gold mine and not many people knew about it. Those who knew it very well mined it until 2022. Afterwards the competition increased; everyone wants to be a full-time bug hunter or a cybersecurity professional. When supply increases, demand automatically reduces. So what about the current bug bounty scenario? Yes, you can do bug bounty, but without the basic knowledge of any topic, don't do it for money only. It'll just waste your precious time for nothing. I just want to say: learn and focus on yourself, and money will follow you. If you're reading this far, I hope you have a good day!
👍11❤🔥6❤3
Cloudflare Bypass Script -
https://github.com/sarperavci/CloudflareBypassForScraping
❤🔥6🔥2
As I said already it's all about luck!!
You can read about the bug here-
https://hackerone.com/reports/761158 https://hackerone.com/reports/300539
❤🔥2🤣2
I am posting the bug images intentionally to show you that low-hanging-fruit bug hunting is not at all hard, but if you keep enjoying it you'll probably miss something big. These are small happinesses which lure you into engaging in more automation. Avoid it! And do manual testing! Best of luck everyone👾
❤🔥7👍2