Crushed | Exploiting Arbitrary File Read on CrushFTP! (CVE-2024-4040)
Google Dork: innoscript:"CrushFTP WebInterface" inurl:/WebInterface/login.html
Shodan Dork: http.favicon.hash:-1022206565
POC: https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC
Google Dork: innoscript:"CrushFTP WebInterface" inurl:/WebInterface/login.html
Shodan Dork: http.favicon.hash:-1022206565
POC: https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC
🤯3👍1
Which of the following is used to access content outside the root of a website?
Final Results
7%
Brute force
12%
Port scanning
14%
SQL injection
68%
Directory traversal
👍4🐳2
🚨LazyEgg - Hunting JS Files🚨
💥Command: waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && python lazyegg[.]py "{}" --js_urls --domains --ips'
🔗Download https://lnkd.in/gnRJ5mzw
💥Command: waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && python lazyegg[.]py "{}" --js_urls --domains --ips'
🔗Download https://lnkd.in/gnRJ5mzw
❤4👍2
🚨Ready to level up your cybersecurity skills and earn rewards?
📢Join our 30-day bug bounty challenge and learn the art of bug bounty hunting!
😉Over 30 days, you'll receive daily tasks to help you master:
Information gathering and reconnaissance
Vulnerability identification and exploitation
Web application security testing
API security testing
Cloud security testing
Fuzz testing
Machine learning and AI in security
Business logic vulnerabilities
Deserialization vulnerabilities
Server-side request forgery (SSRF)
👌Plus, you'll get access to resources and references to help you along the way!
📝Complete the challenge and earn a Certificate of Completion to showcase your skills!
💖Join the community and start your journey to cybersecurity mastery today!
🔗Join Now: https://nas.io/brutsecurity/challenges/bug-bounty-blitz-30-days-of-learning
📢Join our 30-day bug bounty challenge and learn the art of bug bounty hunting!
😉Over 30 days, you'll receive daily tasks to help you master:
Information gathering and reconnaissance
Vulnerability identification and exploitation
Web application security testing
API security testing
Cloud security testing
Fuzz testing
Machine learning and AI in security
Business logic vulnerabilities
Deserialization vulnerabilities
Server-side request forgery (SSRF)
👌Plus, you'll get access to resources and references to help you along the way!
📝Complete the challenge and earn a Certificate of Completion to showcase your skills!
💖Join the community and start your journey to cybersecurity mastery today!
🔗Join Now: https://nas.io/brutsecurity/challenges/bug-bounty-blitz-30-days-of-learning
🔥6
Brut Security pinned «🚨Ready to level up your cybersecurity skills and earn rewards? 📢Join our 30-day bug bounty challenge and learn the art of bug bounty hunting! 😉Over 30 days, you'll receive daily tasks to help you master: Information gathering and reconnaissance Vulnerability…»
🚀 Advance Your Career in Cybersecurity with Our Comprehensive VAPT Course! 🚀
🚨Are you ready to become a cybersecurity expert? Enroll in our Vulnerability Assessment and Penetration Testing (VAPT) course and gain the skills you need to protect critical systems and data.
📢Key Features:
🔸Live Trainer-Led Online Training: Engage in interactive sessions led by experienced cybersecurity professionals.
🔸50 Hours of Classes Over 3 Months: Comprehensive coverage of VAPT topics, allowing for in-depth learning and mastery.
🔸70% Practical Oriented: Emphasis on hands-on labs and real-world scenarios to ensure you can apply what you learn.
🔸Pay in 2 Installments: Flexible payment options to suit your financial needs.
🔸Career Oriented Training: Focused on building the skills needed for a successful career in cybersecurity.
🔸2 Practical Assignments & 1 Capture The Flag (CTF) Exam: Practical assessments to test and enhance your skills.
👉 Register Now: https://wa.me/message/NQLPOBIAEFDBN1
🚨Are you ready to become a cybersecurity expert? Enroll in our Vulnerability Assessment and Penetration Testing (VAPT) course and gain the skills you need to protect critical systems and data.
📢Key Features:
🔸Live Trainer-Led Online Training: Engage in interactive sessions led by experienced cybersecurity professionals.
🔸50 Hours of Classes Over 3 Months: Comprehensive coverage of VAPT topics, allowing for in-depth learning and mastery.
🔸70% Practical Oriented: Emphasis on hands-on labs and real-world scenarios to ensure you can apply what you learn.
🔸Pay in 2 Installments: Flexible payment options to suit your financial needs.
🔸Career Oriented Training: Focused on building the skills needed for a successful career in cybersecurity.
🔸2 Practical Assignments & 1 Capture The Flag (CTF) Exam: Practical assessments to test and enhance your skills.
👉 Register Now: https://wa.me/message/NQLPOBIAEFDBN1
Exploit all vulnerable ip's: CVE-2024-24919
https://github.com/seed1337/CVE-2024-24919-POC
https://github.com/seed1337/CVE-2024-24919-POC
GitHub
GitHub - seed1337/CVE-2024-24919-POC
Contribute to seed1337/CVE-2024-24919-POC development by creating an account on GitHub.
👍2
Media is too big
VIEW IN TELEGRAM
🚨Go Dork – The Fastest Dork Scanner🚨
👉Searching for relevant things on the Internet is always challenging work. Sometimes we don’t get desired results for our query or question. So to solve this problem, there is a concept of Dorking.
🔗Github: https://github.com/dwisiswant0/go-dork
👉Searching for relevant things on the Internet is always challenging work. Sometimes we don’t get desired results for our query or question. So to solve this problem, there is a concept of Dorking.
🔗Github: https://github.com/dwisiswant0/go-dork
👍3🤔1
Media is too big
VIEW IN TELEGRAM
🚨Check Point Quantum Gateway - CVE-2024-24919🚨
👉CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade.
🔗Github POC: https://github.com/seed1337/CVE-2024-24919-POC
👉CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade.
🔗Github POC: https://github.com/seed1337/CVE-2024-24919-POC
👍2🤯1