Searpy - Search Engine Tookit: https://www.system32.ink/2023/07/searpy-search-engine-tookit.html
Telegram Desktop Session Stealer : https://www.system32.ink/2023/07/telegram-desktop-session-stealer.html
Continental Tires Middle East (continental-me.com) data leak : https://www.system32.ink/2023/07/continental-tires-middle-east.html
CVE-2023-35719 Exploit : https://www.system32.ink/2023/07/cve-2023-35719-exploit.html
TURKEY REFUGEE database Leak : https://www.system32.ink/2023/07/turkey-refugee-database-leak.html
TBCommunity (British fitness website) data leak : https://www.system32.ink/2023/07/tbcommunity-british-fitness-website.html
webmarketpoint_it data Leak : https://www.system32.ink/2023/07/webmarketpointit-data-leak.html
ZxCDDoS layer 4 and 7 ddos with cloudflare bypass : https://www.system32.ink/2023/07/zxcddos-layer-4-and-7-with-cloudflare.html
SMShell - SMS-based shell : https://www.system32.ink/2023/07/smshell-sms-based-shell.html
Sheikh Hazza Bin Zayed Al Nahyan office data leak : https://www.system32.ink/2023/07/sheikh-hazza-bin-zayed-al-nahyan-office.html
Office Of Industrial Economics data leak : https://www.system32.ink/2023/07/office-of-industrial-economics-data-leak.html
We are hiring! Information Security candidates
It is a full time job at associate level based out of Pune/Mumbai/Bangalore/Gurugram.
Hybrid work model. Opportunity to work with international clients.
7 - 9 years of work experience in Information Security, Internal Audit, ISO 27001, Risk Management, IT Security, Systems Audit, Consulting, Network security, Quality systems audit
Candidates with ISO 27001 LA, CISA, MBA IT certificates would be preferred.
Must have good communication skills.
Must be familiar with Information Security domains like Policies and Procedures, VAPT, Risk Assessment, IS Audits, Network Security, Access control
Knowledge of current trends in Information Technology.
Knowledge in information security assessments.
Knowledge of Security requirements like ISO/IEC 27001 or SOC1, SOC2.
As an Information Security Associate, you will be responsible for
Client interaction for information gathering.
Assisting team members in analysing, implementing, and managing the information security for our client(s).
Policy and Procedure Preparation.
Involvement in information security performance reviews and internal audits of client, etc.
Please share your CV to
careers_csecurity.in@capgemini.com
Fwded as received
Forwarded from Tʀɪᴄᴋʏ Pᴇɴɢᴜɪɴ ( trickypenguin.ink )
Forwarded from ELEMENT-/-11
Pakistan's Economics...Moody.pdf
1.7 MB
Check out new […] Test-Cases
Link: https://twitter.com/thecybertix/status/1676464147855470593?t=YLFOU7Rw4bqo2dzGQZV77w&s=19
Do you know what is "DOM Clobbering"? 🤔🤔
Check this out:
https://youtube.com/shorts/rysHaowv6Bk?feature=share
YouTube
DOM Clobbering
Bug Type: DOM Clobbering. Description: DOM clobbering refers to the unintentional overriding or interference with DOM properties or methods by JavaScript code. ...
🔥GeoServer SQL Injection Vulnerability Analysis (CVE-2023-25157)
SQL Injection Vulnerabilities have been found with:
👾 PropertyIsLike filter, when used with a String field and any database DataStore, or with a PostGIS DataStore with encode functions enabled
👾 strEndsWith function, when used with a PostGIS DataStore with encode functions enabled
👾 strStartsWith function, when used with a PostGIS DataStore with encode functions enabled
👾 FeatureId filter, when used with any database table having a String primary key column and when prepared statements are disabled
👾 jsonArrayContains function, when used with a String or JSON field and with a PostGIS or Oracle DataStore (GeoServer 2.22.0+ only)
👾 DWithin filter, when used with an Oracle DataStore
CVE-2023-25157 - GeoServer SQL Injection - PoC
Usage:
python3 CVE-2023-25157.py <URL>
🔥RCE in GitLab's CLI tool
Attack scenario:
1️⃣ Attacker creates a repository. They create a branch named "@|calc".
2️⃣ To make the attack more convincing, they set this branch as the default branch.
3️⃣ Victim clones the repository on their machine.
4️⃣ Victim tries to create an MR using glab mr create --web
5️⃣ The following command is run: cmd.exe /c "start https://gitlab.com/test-user/test-repo/-/merge_requests/new?merge_request[title]=%s^&merge_request[description]=%s^&merge_request[source_branch]=%s^&merge_request[target_branch]=@|calc^&merge_request[source_project_id]=%d^&merge_request[target_project_id]=%d".
6️⃣ The pipe character allows breaking out of the URL context and launching calc.