CVE-2024-6385: Improper Access Control in GitLab, 9.6 rating 🔥
The new vulnerability allows an attacker to run pipeline jobs with the rights of any other user.
Search at Netlas.io:
👉 Link: https://nt.ls/HvsUY
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Read more: https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/
YouTube
CVE-2024-4879 | Template Injection Vulnerability in ServiceNow | Bug Bounty POC | Brut Security
🚨CVE-2024-4879 & CVE-2024-5217: ServiceNow Security Vulnerabilities Expose Businesses to RCE and Data Breaches
⚖These vulnerabilities enable unauthenticated remote attackers to execute arbitrary code within the Now Platform,
potentially leading to complete…
Brut Security
Parameters where you can try Command Injection. ?cmd={payload} ?exec={payload} ?command={payload} ?execute{payload} ?ping={payload} ?query={payload} ?jump={payload} ?code={payload} ?reg={payload} ?do={payload} ?func={payload} ?arg={payload} …
Keep Checking Old Posts 🍿
url/?f=etc/passwd ==> 403
encode etc/passwd as base64
url/?f=L2V0Yy9wYXNzd2Q= ==> 200
#note
you can use this trick in SQL, SSTI, XSS, LFI, etc.
By:@GodfatherOrwa
#bugbountytips #BugBounty
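Defensive view of the tip above, as an added example that is not part of the original post: a filter that inspects only the raw parameter never sees the decoded path, so the check has to run after the application's own base64 decoding. The denylist, function names and base directory are assumptions made for illustration.

```python
import base64
import binascii
from pathlib import Path

# Constructed stand-in for an edge/WAF rule that matches on the raw parameter text.
DENYLIST = ("etc/passwd", "../")

def edge_filter_allows(raw_value: str) -> bool:
    """Hypothetical filter: sees only the wire form of the parameter."""
    return not any(bad in raw_value for bad in DENYLIST)

def decode_param(raw_value: str) -> str:
    """Decode the value the way the assumed application does (strict base64, UTF-8)."""
    try:
        return base64.b64decode(raw_value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("parameter is not valid base64 text") from exc

def resolve_under_base(raw_value: str, base_dir: Path) -> Path:
    """Validate the decoded value, not the wire form, and confine it to base_dir."""
    decoded = decode_param(raw_value)
    base = base_dir.resolve()
    # Joining with an absolute path replaces the base, so resolve first, then compare.
    candidate = (base / decoded).resolve()
    if base not in candidate.parents:
        raise PermissionError(f"path escapes {base}: {decoded!r}")
    return candidate

if __name__ == "__main__":
    base = Path("/srv/app/files")  # assumed document root
    for value in ("/etc/passwd", "L2V0Yy9wYXNzd2Q=", "cmVwb3J0cy9xMS50eHQ="):
        print(value, "edge filter allows:", edge_filter_allows(value))
        try:
            print("  resolved:", resolve_under_base(value, base))
        except (ValueError, PermissionError) as err:
            print("  rejected:", err)
```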
Find public files in Amazon S3
http://s3digger.com
Find public files in Dropbox
https://drodigger.com
Find public files in Disk Yandex
https://yadigger.com
Find public files in Google Drive
https://drodigger.com
Find public files in other file sharing sites
https://fidigger.com
Find public files on url shortening sites
https://shortdigger.com
Brut Security
/****/: This is a directory traversal sequence, which is used to navigate through the file system. The **** is a common pattern used to traverse directories, allowing an attacker to access files outside of the web root.
Brut Security pinned «💥 2 Days Left for Registration of July Batch: Extreme Web Application Penetration Testing 💥 🚨 Classes Starting From- Tuesday 16 July, 4PM INDIAN STANDARD TIME 💯 Registration Link- https://wa.me/message/NQLPOBIAEFDBN1 ⭕️ Join us for an intensive 2-month course…»
👁 Nmap Cheat Sheet 2024: All the Commands & Flags.
https://www.stationx.net/nmap-cheat-sheet/
• Host Discovery;
• Output Format Scan;
• Understanding Nmap Packet Trace;
• Nmap Scan with Timing Parameters;
• Nmap Scans using Hex Value of Flags;
• Forensic Investigation of Nmap Scan using Wireshark;
• Understanding Guide for Nmap Timing Scan (Firewall Bypass);
• Understanding Guide for Nmap Ping Scan (Firewall Bypass);
• Comprehensive Guide on Nmap Port Status;
• How to Detect NMAP Scan Using Snort;
• Understanding Guide to Nmap Firewall Scan (Part 2);
• Understanding Guide to Nmap Firewall Scan (Part 1);
• Understanding Nmap Scan with Wireshark;
• Password Cracking using Nmap;
• Vulnerability Scan;
• Network Scanning using NMAP (Beginner Guide);
• MSSQL Penetration Testing using Nmap;
• MySQL Penetration Testing with Nmap.
StationX
Nmap Cheat Sheet 2026: All the Commands & Flags
Discover the most useful nmap scanning, enumeration, and evasion commands with our comprehensive Nmap cheat sheet and take your hacking to the next level.
Money comes, money goes. Focus on learning.
In the world of bug bounty hunting, it's easy to get caught up in the pursuit of monetary rewards. However, remember that money comes and goes. The real value lies in the skills and knowledge you gain along the way. Every vulnerability you uncover, every system you test, and every report you write contributes to your growth as a cybersecurity expert. Prioritize learning and honing your craft, and the financial rewards will naturally follow. Stay curious, stay dedicated, and let your passion for learning be your true guide.
Thanks,
The Brut Security Team