CVE-2024-8073: Command Injection in Hillstone Networks Firewalls, 9.8 rating 🔥
The freshest vulnerability in Hillstone WAFs allows an attacker to perform RCE due to incorrect input validation.
Search at Netlas.io:
👉 Link: https://nt.ls/YZWqU
👉 Dork: http.title:"Hillstone Networks"
Vendor's advisory: https://www.hillstonenet.com.cn/security-notification/2024/08/21/mlzrld-2/
Telegram's CEO has been arrested, so there is a probability that Telegram will end its services or that its services will be blocked in different countries. So, as a backup, you can join our Discord channel. Thanks!
https://discord.gg/NTU2q8gU5K
Wake Up! Your Mom and Dad are waiting for your success 🤩 They're both running out of time.
GitHub - AutoRecon/AutoRecon: AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
CVE-2024-6386: RCE in WPML WordPress Plugin, 9.9 rating 🔥
Due to the lack of input validation, an attacker can execute code on the affected server.
Search at Netlas.io:
👉 Link: https://nt.ls/caxUk
👉 Dork: http.body:"plugins/wpml"
Read more: https://sec.stealthcopter.com/wpml-rce-via-twig-ssti/
Useful Google Dorks that bug bounty hunters can leverage to find sensitive information: 👇🏻
1. Discovering Exposed Files:
- intitle:"index of" "site:target.com"
- filetype:log inurl:log site:target.com
- filetype:sql inurl:sql site:target.com
- filetype:env inurl:.env site:target.com
2. Finding Sensitive Directories:
- inurl:/phpinfo.php site:target.com
- inurl:/admin site:target.com
- inurl:/backup site:target.com
- inurl:wp- site:target.com
3. Exposed Configuration Files:
- filetype:config inurl:config site:target.com
- filetype:ini inurl:wp-config.php site:target.com
- filetype:json inurl:credentials site:target.com
4. Discovering Usernames and Passwords:
- intext:"password" filetype:log site:target.com
- intext:"username" filetype:log site:target.com
- filetype:sql "password" site:target.com
5. Finding Database Files:
- filetype:sql inurl:db site:target.com
- filetype:sql inurl:dump site:target.com
- filetype:bak inurl:db site:target.com
6. Exposed Git Repositories:
- inurl:".git" site:target.com
- inurl:"/.git/config" site:target.com
- intitle:"index of" ".git" site:target.com
7. Finding Publicly Exposed Emails:
- intext:"email" site:target.com
- inurl:"contact" intext:"@target.com" -www.target.com
- filetype:xls inurl:"email" site:target.com
8. Discovering Vulnerable Web Servers:
- intitle:"Apache2 Ubuntu Default Page: It works" site:target.com
- intitle:"Index of /" "Apache Server" site:target.com
- intitle:"Welcome to nginx" site:target.com
9. Finding API Keys:
- filetype:env "DB_PASSWORD" site:target.com
- intext:"api_key" filetype:env site:target.com
- intext:"AWS_ACCESS_KEY_ID" filetype:env site:target.com
10. Exposed Backup Files:
- filetype:bak inurl:backup site:target.com
- filetype:zip inurl:backup site:target.com
- filetype:tgz inurl:backup site:target.com
Replace target.com with the domain or target you are focusing on.
#GoogleDorks
#BugHunting
#OSINT
CVE-2024-43425: RCE in Moodle, PoC is available 🔥🔥🔥
Due to incomplete sanitization in the “calculated questions” feature, attackers can transmit and execute arbitrary code, which can be used to disclose students’ confidential information or disrupt the entire learning process.
Search at Netlas.io:
👉 Link: https://nt.ls/6WaFx
👉 Dork: http.headers.set_cookie:"MoodleSession"
Read more: https://blog.redteam-pentesting.de/2024/moodle-rce/
⚡https://github.com/vladko312/SSTImap
Presentation.pdf
3.9 MB
Deobfuscation and analysis of client-side JavaScript code to detect DOM-based XSS.
minikube.pem
test_key.pem
test_rsa_privkey.pem
test_rsa_privkey_encrypted.pem
rsakey.pem
key.pem
certificate.pem
private_key.pem
public_key.pem
privkey.pem
dhparams.pem
ios_push_certificate.pem
keycert.passwd.pem
ca1-key.pem
key-certbot.pem
key2048.pem
private.pem
⚡️Command for Hidden JS Parameter Discovery.
This command takes your recon game to the next level!⚡️
cat subs.txt | (gau --threads 20 --blacklist jpg,jpeg,gif,png,tiff,ttf,otf,woff,woff2,ico,svg,pdf,txt,mp4,avi,mov,mkv,exe,zip,tar,gz,rar,7z hakrawler --depth 5 --plain --insecure waybackurls || katana -d 5 --js-crawl --auto-redirect --extensions js,json,php,aspx,asp,jsp,html,htm --proxy http://127.0.0.1:8080 ) | sort -u | httpx --silent --threads 200 --status-code --title --tech-detect --content-length --server | tee -a httpx_full.txt | grep -Eiv '\.(eot|jpg|jpeg|gif|css|tif|tiff|png|ttf|otf|woff|woff2|ico|svg|txt|pdf|mp4|avi|mov|mkv|exe|zip|tar|gz|rar|7z|css|doc|docx|xls|xlsx|ppt|pptx)$' | while read url; do vars=$(curl -sL $url | grep -Eo "(var |let |const |function |class |import |export )[a-zA-Z0-9_]+" | sed -e 's, "$url"', -e 's/\(var \|let \|const \|function \|class \|import \|export \)//g' | grep -Eiv '\.js$|\. [a-zA-Z0-9]+\.[a-zA-Z0-9]+$' | sed 's/$/= $FUZZ /'); echo -e "\e[1;33m$url\e[1;32m$vars"; done | tee -a js_parameters.txt
GitHub - lauritzh/domscan: Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.