good morning Hacker's, what's your favorite position for fex ?🤤🤤

FREE labs to practice mobile app pentesting

>. https://code.google.com/archive/p/dvaa/
>. https://github.com/prateek147/DVIA-v2
>. https://securitycompass.github.io/iPhoneLabs/
>. https://code.google.com/archive/p/owasp-igoat/
>. https://maddiestone.github.io/AndroidAppRE/
>. https://ctf.hpandro.raviramesh.info/

#hacker_bano_chutiya_nhe 🌜🤤🌛

CVE-2022-42889 PoC

This is Proof of Concept for the vulnerability CVE-2022-42889. This code will run the JavaScript code 195 + 324. If vulnerable the output should be: PoC Output: 519

https://github.com/SeanWrightSec/CVE-2022-42889-PoC

Details:
https://blogs.apache.org/security/entry/cve-2022-42889

#cve #poc

CVE-2022-42889 (Text4Shell) OSS detector - Finds possibly vulnerable JAR files
https://ift.tt/Fk7zU31

Submitted October 18, 2022 at 09:19PM by SRMish3
via reddit https://ift.tt/rfSNsdR

​​CVE-2022-22947

Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE)

Applications using Spring Cloud Gateway are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

https://github.com/crowsec-edtech/CVE-2022-22947

#cve

​​CVE-2022-41040-metasploit-ProxyNotShell

the metasploit script(POC) about CVE-2022-41040. Microsoft Exchange are vulnerable to a server-side request forgery (SSRF) attack. An authenticated attacker can use the vulnerability to elevate privileges.

https://github.com/TaroballzChen/CVE-2022-41040-metasploit-ProxyNotShell

App:- https://play.google.com/store/apps/details?id=com.innovate.IndonesiaSocial

» cdn-v3.justsayhi.com

Enjoy with indonesia using info. leaking

(id, name, email, email_verified_at, password, profile_photo_path, is_customer, customer_id, remember_token, status, is_test, created_at, updated_at)

cards (id, card_number, exp_date, cvv, first_name, last_name, address, city, state, zip, status, type, created_at, updated_at)

Buy Unlimited Virtual Credit Cards At Cheap Price For Got Any Type Free Trial Subscription
Note : VCC Support Only USA
https://vcczone.com/

Indonesian nuclear agency internal files leak

Details:
These 1.4 gb worth of files regarding the Nuclear power authority in Indonesia are being leaked in response to police brutality and corruption by the Indonesian government.

Download link(Updated): https://pixeldrain.com/u/GsgZb1uc

​​text4shell-scan

A fully automated, accurate, and extensive scanner for finding vulnerable text4shell hosts

Features:
▫️ Support for lists of URLs.
▫️ Fuzzing for more than 60 HTTP request headers.
▫️ Fuzzing for HTTP POST Data parameters.
▫️ Fuzzing for JSON data parameters.
▫️ Supports DNS callback for vulnerability discovery and validation.
▫️ WAF Bypass payloads.
▫️ Support for custom DNS OOB callbacks (ex: Burpsuite Collaborator)

https://github.com/securekomodo/text4shell-scan

Detecting and mitigating CVE-2022-42889 a.k.a. Text4shell
https://ift.tt/4fUISJG

Submitted October 19, 2022 at 06:48PM by MiguelHzBz
via reddit https://ift.tt/q43Vpfy

Happy Chhoti Diwali 🙏🏻