CVE-2023-27524: Apache Superset Auth Bypass
๐ฅ Script to check if an Apache Superset server is running with an insecure default configuration (CVE-2023-27524). The script checks if a Superset server's session cookies are signed with any well-known default Flask SECRET_KEYs.
The --validate flag can be used to validate exploitability by enumerating databases using the Superset API.
requirements:
flask-unsign==1.2.0
requests==2.26.0
Usage:
๐ฅ Script to check if an Apache Superset server is running with an insecure default configuration (CVE-2023-27524). The script checks if a Superset server's session cookies are signed with any well-known default Flask SECRET_KEYs.
The --validate flag can be used to validate exploitability by enumerating databases using the Superset API.
requirements:
flask-unsign==1.2.0
requests==2.26.0
Usage:
CVE-2023-27524.py [-h] --url URL [--id ID] [--validate] [--timeout TIMEOUT]
Download: https://system32.ink/news-feed/p/308/CVE-2023-1671 | Pre-Auth RCE in Sophos Web Appliance
Dorkfofa
(title="Sophos Web Appliance" || app="Sophos-Web-Appliance") && title!="Sophos Web Appliance๏ผ้่ฏฏ่ฏทๆฑ"
ZoomEye
title:"Sophos Web Appliance"-title:"Sophos Web Appliance: Forbidden"-title:"Sophos Web Appliance: Bad Request"
Shodan
title:"Sophos Web Appliance"
Usage:
Dorkfofa
(title="Sophos Web Appliance" || app="Sophos-Web-Appliance") && title!="Sophos Web Appliance๏ผ้่ฏฏ่ฏทๆฑ"
ZoomEye
title:"Sophos Web Appliance"-title:"Sophos Web Appliance: Forbidden"-title:"Sophos Web Appliance: Bad Request"
Shodan
title:"Sophos Web Appliance"
Usage:
python CVE-2023-1671-POC.py -u http://www.example.comDownload: https://system32.ink/news-feed/p/309/
python CVE-2023-1671-POC.py -u http://www.example.com -d xxxxxx.dnslog.cn
python CVE-2023-1671-POC.py -f urls.txt
python CVE-2023-1671-POC.py -f urls.txt -d xxxxxx.dnslog.cn
Forwarded from Illucist
Forwarded from INDIAN CYBER MAFIA
18 INDONESIAN UNIVERSITY SITES H4CKED
una.ac.id
belanja.una.ac.id
elearning.una.ac.id
elpa.una.ac.id
esport.una.ac.id
storage.una.ac.id
fe.una.ac.id
lpm.una.ac.id
lppm.una.ac.id
mail.una.ac.id
ujian.una.ac.id
pustaka.una.ac.id
feeder.una.ac.id
siakad.una.ac.id
tracerstudy-ft.una.ac.id
ppg.una.ac.id
kesma.una.ac.id
sisfofh.una.ac.id
WE ARE NOT STOPPING
JAI HIND
GREETZ TO ALL INDIAN HACKERS
una.ac.id
belanja.una.ac.id
elearning.una.ac.id
elpa.una.ac.id
esport.una.ac.id
storage.una.ac.id
fe.una.ac.id
lpm.una.ac.id
lppm.una.ac.id
mail.una.ac.id
ujian.una.ac.id
pustaka.una.ac.id
feeder.una.ac.id
siakad.una.ac.id
tracerstudy-ft.una.ac.id
ppg.una.ac.id
kesma.una.ac.id
sisfofh.una.ac.id
WE ARE NOT STOPPING
JAI HIND
GREETZ TO ALL INDIAN HACKERS
๐ฏ How to Pass OSCP Exam ๐ฏ
If you are looking for a challenging and rewarding cybersecurity certification, look no further than the OSCP certification.
In this free blog post, we will provide working tips on how to pass the OSCP exam and become a Certified Cyber Security Professional!
โก Link: https://bit.ly/CrackOSCP
Learn ยฆ Share ยฆ Support
If you are looking for a challenging and rewarding cybersecurity certification, look no further than the OSCP certification.
In this free blog post, we will provide working tips on how to pass the OSCP exam and become a Certified Cyber Security Professional!
โก Link: https://bit.ly/CrackOSCP
Learn ยฆ Share ยฆ Support
Forwarded from CYBER DEMONS (INDIA๐ฎ๐ณ) ๐คCHANNEL๐ค (แดดแดฌแถแดทแดธแดผแถแดท)
๐ฅ OWASP TOP 10 ๐ฅ
SESSION AT SHARP 9 PM TODAY
BY JOB PROFESSIONALS
AT - @cyberdemonsindiaa
HOPE YOU'LL COME TO LEARN๐
#happyhacking
SESSION AT SHARP 9 PM TODAY
BY JOB PROFESSIONALS
AT - @cyberdemonsindiaa
HOPE YOU'LL COME TO LEARN๐
#happyhacking
Media is too big
VIEW IN TELEGRAM
This movie will open the eyes of millions of Hindu girls.
#TheKeralaStory
#TheKeralaStory
โคโ๐ฅ2
โก3
๐จ๐ปโ๐ปTop 10 Tools for Bug Bounty Hunters๐จ๐ปโ๐ป
Bug bounty hunting is a career that is known for the heavy use of security tools.
These tools help the hunters find vulnerabilities in software, web applications and websites, and are an integral part of bounty hunting.
โกLink : bit.ly/BugBountyTools
Share :: Support :: Learn
Bug bounty hunting is a career that is known for the heavy use of security tools.
These tools help the hunters find vulnerabilities in software, web applications and websites, and are an integral part of bounty hunting.
โกLink : bit.ly/BugBountyTools
Share :: Support :: Learn
A blog on mobile device security and mobile hacking
https://techofide.com/blogs/what-is-mobile-device-security-how-to-hack-a-phone-practical-demo/
Join our group for more such Cyber security content
t.me/ethicalhackingtechofide
https://techofide.com/blogs/what-is-mobile-device-security-how-to-hack-a-phone-practical-demo/
Join our group for more such Cyber security content
t.me/ethicalhackingtechofide
Forwarded from LegionLeaker๐ดโโ ๏ธ
Media is too big
VIEW IN TELEGRAM
ComboList Wordpress Fucker(BETA Version) ๐
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฝ๐ช๐ ๐๐ฎ๐ฅ๐: No Rate Limit
๐๐๐ฃ๐ : https://youtube.com/shorts/DKHYV6sjYXQ?feature=share
๐๐ก๐๐๐จ๐ ๐จ๐ช๐๐จ๐๐ง๐๐๐ ๐ฉ๐ค ๐ค๐ช๐ง ๐๐ค๐ช๐๐ช๐๐ ๐๐๐๐ฃ๐ฃ๐๐ก๐
๐๐๐ฃ๐ : https://youtube.com/shorts/DKHYV6sjYXQ?feature=share
๐๐ก๐๐๐จ๐ ๐จ๐ช๐๐จ๐๐ง๐๐๐ ๐ฉ๐ค ๐ค๐ช๐ง ๐๐ค๐ช๐๐ช๐๐ ๐๐๐๐ฃ๐ฃ๐๐ก๐
YouTube
No Rate Limit
The No Rate Limit Vulnerability happens when a website or app doesn't stop someone from making too many requests. Bad guys can exploit this and overwhelm the...
CVE-2023-29007 | Git Arbitrary Configuration Injection
Download: https://system32.ink/news-feed/p/314/
Download: https://system32.ink/news-feed/p/314/
Forwarded from Haโฝ๐er
private sector database โช
1 week 10$
2 week 20$
1 month 50$
https://t.me/+V3GiW-cRaMswMTM9
@Algorithm2bot
1 week 10$
2 week 20$
1 month 50$
https://t.me/+V3GiW-cRaMswMTM9
@Algorithm2bot
Forwarded from Deadly pickachu ๏ธ
๐ก ๐พ๐ก๐๐๐ ๐๐๐๐ ๐๐ฃ๐ & ๐พ๐ค๐ฃ๐ฉ๐๐ฃ๐ฉ ๐๐ฃ๐๐๐๐ฉ๐๐ค๐ฃ ๐๐ช๐ก๐ฃ๐๐ง๐๐๐๐ก๐๐ฉ๐ฎ ๐ก
Clickjacking Tool, Script are given in Description.
๐๐ก๐๐๐จ๐ ๐๐๐ ๐ & ๐๐ช๐๐จ๐๐ง๐๐๐ ๐ฉ๐ค ๐ค๐ช๐ง ๐๐ค๐ช๐๐ช๐๐ ๐๐๐๐ฃ๐ฃ๐๐ก๐
๐๐๐ฃ๐ : https://youtu.be/gbpVPv3aT18
Clickjacking Tool, Script are given in Description.
๐๐ก๐๐๐จ๐ ๐๐๐ ๐ & ๐๐ช๐๐จ๐๐ง๐๐๐ ๐ฉ๐ค ๐ค๐ช๐ง ๐๐ค๐ช๐๐ช๐๐ ๐๐๐๐ฃ๐ฃ๐๐ก๐
๐๐๐ฃ๐ : https://youtu.be/gbpVPv3aT18
YouTube
04 Clickjacking & Content Injection
๐ด BE MY FRIEND
๐๐๐ฃ๐จ๐ฉ๐๐๐ง๐๐ข (thecybertix): https://www.instagram.com/thecybertix
๐๐๐ฌ๐๐ฉ๐ฉ๐๐ง: https://twitter.com/thecybertix
๐๐๐๐ฃ๐ ๐๐๐๐ฃ: https://www.linkedin.com/company/cybe...
๐๐๐๐๐จ๐๐ฉ๐: https://cybertix.in
๐ด RESOURCES
๐๐พ๐ก๐๐๐ ๐ ๐๐๐ ๐๐ฃ๐ ๐๐ค๐ค๐ก: https://cybโฆ
๐๐๐ฃ๐จ๐ฉ๐๐๐ง๐๐ข (thecybertix): https://www.instagram.com/thecybertix
๐๐๐ฌ๐๐ฉ๐ฉ๐๐ง: https://twitter.com/thecybertix
๐๐๐๐ฃ๐ ๐๐๐๐ฃ: https://www.linkedin.com/company/cybe...
๐๐๐๐๐จ๐๐ฉ๐: https://cybertix.in
๐ด RESOURCES
๐๐พ๐ก๐๐๐ ๐ ๐๐๐ ๐๐ฃ๐ ๐๐ค๐ค๐ก: https://cybโฆ
๐1