CVE-2024-6385: Improper Access Control in GitLab, 9.6 rating 🔥
The new vulnerability allows an attacker to run pipeline jobs with the rights of any other user.
Search at Netlas.io:
👉 Link: https://nt.ls/HvsUY
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Read more: https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/
YouTube
CVE-2024-4879 | Template Injection Vulnerability in ServiceNow | Bug Bounty POC | Brut Security
🚨CVE-2024-4879 & CVE-2024-5217: ServiceNow Security Vulnerabilities Expose Businesses to RCE and Data Breaches
⚖These vulnerabilities enable unauthenticated remote attackers to execute arbitrary code within the Now Platform,
potentially leading to complete…
Brut Security
Parameters where you can try Command Injection. ?cmd={payload} ?exec={payload} ?command={payload} ?execute{payload} ?ping={payload} ?query={payload} ?jump={payload} ?code={payload} ?reg={payload} ?do={payload} ?func={payload} ?arg={payload} …
Keep Checking Old Posts 🍿
url/?f=etc/passwd ==> 403
encode etc/passwd as base64
url/?f=L2V0Yy9wYXNzd2Q= ==> 200
#note
You can use this trick in SQL, SSTI, XSS, LFI, etc.
By:@GodfatherOrwa
#bugbountytips #BugBounty
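The defender's side of the tip above, as an added example that is not part of the original post: the raw-value rule misses the base64 form because the backend decodes the parameter after the filter has looked at it, so the check has to run on every decoded form. The deny patterns, function names and sample values are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Illustrative deny patterns (assumption); a production rule set is larger.
DENY = re.compile(r"(etc/passwd|\.\./)", re.IGNORECASE)
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{8,}={0,2}$")
MAX_DEPTH = 3  # bound nested decoding of attacker-controlled input


def try_b64(value):
    """Return decoded text if value is base64 of printable UTF-8, else None."""
    if not B64_RE.match(value):
        return None
    std = value.replace("-", "+").replace("_", "/")
    std += "=" * (-len(std) % 4)
    try:
        text = base64.b64decode(std, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def canonical_forms(value, depth=0):
    """Collect every representation the backend might end up acting on."""
    forms = {value}
    if depth < MAX_DEPTH:
        for decoded in (unquote(value), try_b64(value)):
            if decoded is not None and decoded != value:
                forms |= canonical_forms(decoded, depth + 1)
    return forms


def naive_filter(value):
    """Rule applied to the raw parameter only (what returned 200 above)."""
    return bool(DENY.search(value))


def normalizing_filter(value):
    """Same rule applied to every decoded form of the parameter."""
    return any(DENY.search(form) for form in canonical_forms(value))


# Constructed sample parameter values, not captured traffic.
SAMPLES = ["etc/passwd", "L2V0Yy9wYXNzd2Q=", "L2V0Yy9wYXNzd2Q%3D", "report-2024.pdf"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: naive={naive_filter(s)} normalized={normalizing_filter(s)}")
```

A filter like this is defense in depth; the handler that decodes the parameter should still validate the decoded path against an allow-list before opening any file.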
Find public files in Amazon S3
http://s3digger.com
Find public files in Dropbox
https://drodigger.com
Find public files in Disk Yandex
https://yadigger.com
Find public files in Google Drive
https://drodigger.com
Find public files in other file sharing sites
https://fidigger.com
Find public files on url shortening sites
https://shortdigger.com
Brut Security
/****/: This is a directory traversal sequence, which is used to navigate through the file system. The **** is a common pattern used to traverse directories, allowing an attacker to access files outside of the web root.
👁 Nmap Cheat Sheet 2024: All the Commands & Flags.
https://www.stationx.net/nmap-cheat-sheet/
• Host Discovery;
• Output Format Scan;
• Understanding Nmap Packet Trace;
• Nmap Scan with Timing Parameters;
• Nmap Scans using Hex Value of Flags;
• Forensic Investigation of Nmap Scan using Wireshark;
• Understanding Guide for Nmap Timing Scan (Firewall Bypass);
• Understanding Guide for Nmap Ping Scan (Firewall Bypass);
• Comprehensive Guide on Nmap Port Status;
• How to Detect NMAP Scan Using Snort;
• Understanding Guide to Nmap Firewall Scan (Part 2);
• Understanding Guide to Nmap Firewall Scan (Part 1);
• Understanding Nmap Scan with Wireshark;
• Password Cracking using Nmap;
• Vulnerability Scan;
• Network Scanning using NMAP (Beginner Guide);
• MSSQL Penetration Testing using Nmap;
• MySQL Penetration Testing with Nmap.
StationX
Nmap Cheat Sheet 2026: All the Commands & Flags
Discover the most useful nmap scanning, enumeration, and evasion commands with our comprehensive Nmap cheat sheet and take your hacking to the next level.