π¨Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800)π¨
π’PoC: https://github.com/sinsinology/CVE-2024-4358
β Detailed Analysis from @SinSinology https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/
πDorks:
πΈHunter: /product.name="Telerik report server"
πΈFOFA: app="Telerik-Report-Server"
πΈSHODAN: http.title:"Telerik report server"
π’PoC: https://github.com/sinsinology/CVE-2024-4358
β Detailed Analysis from @SinSinology https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/
πDorks:
πΈHunter: /product.name="Telerik report server"
πΈFOFA: app="Telerik-Report-Server"
πΈSHODAN: http.title:"Telerik report server"
π2
Hello Members, Hope you're doing well. We have created a WhatsApp Channel for Brut Security. Join now, more cyber security insights coming soon!
You can join here:https://whatsapp.com/channel/0029VacUEmpCnA8014ZLnm1L
You can join here:https://whatsapp.com/channel/0029VacUEmpCnA8014ZLnm1L
WhatsApp.com
Brut Security | WhatsApp Channel
Brut Security WhatsApp Channel. We offer Cyber Security Training, Penetration Testing Services and Bug Bounty Tips to protect businesses and individuals from cyber attacks. Feel Free to DMπ‘οΈ. 59 followers
Media is too big
VIEW IN TELEGRAM
π¨Android SSL Pinning Bypass using Noxerπ¨
πAutomate your Android penetration testing lab setup using Nox Emulator. Noxer is a powerful Python script designed for automating Android penetration testing tasks within the Nox Player emulator. It simplifies setup, enhances stability, manages Frida Server, removes unwanted bloatware, integrates BurpSuite certificates, and much more!
πNoxer: https://buff.ly/4b0gxM4
πAutomate your Android penetration testing lab setup using Nox Emulator. Noxer is a powerful Python script designed for automating Android penetration testing tasks within the Nox Player emulator. It simplifies setup, enhances stability, manages Frida Server, removes unwanted bloatware, integrates BurpSuite certificates, and much more!
πNoxer: https://buff.ly/4b0gxM4
π₯4
This media is not supported in your browser
VIEW IN TELEGRAM
π¨CVE-2024-4577: PHP CGI Argument Injection Vulnerabilityπ¨
β Dorks:
πΈHunter: header.server="PHP"
πΈFOFA: server="PHP"
πΈSHODAN: server: PHP
β Dorks:
πΈHunter: header.server="PHP"
πΈFOFA: server="PHP"
πΈSHODAN: server: PHP
π€―5π2π₯2
Brut Security
π¨CVE-2024-4577: PHP CGI Argument Injection Vulnerabilityπ¨ β Dorks: πΈHunter: header.server="PHP" πΈFOFA: server="PHP" πΈSHODAN: server: PHP
GitHub
GitHub - watchtowrlabs/CVE-2024-4577: PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC
PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC - watchtowrlabs/CVE-2024-4577
Which of the following is used for banner grabbing?
Anonymous Quiz
48%
Telnet
12%
FTP
19%
SSH
21%
Wireshark
π1
π¨OneDorkForAllπ¨
πAn insane list of all dorks taken from everywhere from various different sources. Google, Shodan, Github. Bug bounty dorks (includes private programs), shodan, github, CCTV, CMS dorks, lfi, sqli, xss, more vulns + an extra 1Mil+ dorks.
πhttps://github.com/HackShiv/OneDorkForAll
πAn insane list of all dorks taken from everywhere from various different sources. Google, Shodan, Github. Bug bounty dorks (includes private programs), shodan, github, CCTV, CMS dorks, lfi, sqli, xss, more vulns + an extra 1Mil+ dorks.
πhttps://github.com/HackShiv/OneDorkForAll
π₯7π«‘2β€1π€1
π¨X-Recon: A utility for detecting webpage inputs and conducting XSS scans.π¨
Features:
1. Subdomain Discovery
2. Site-wide Link Discovery
3. Form and Input Extraction
4. XSS Scanning
πLink: https://lnkd.in/gfAeBPz7
Features:
1. Subdomain Discovery
2. Site-wide Link Discovery
3. Form and Input Extraction
4. XSS Scanning
πLink: https://lnkd.in/gfAeBPz7
π―4π2π₯1
This media is not supported in your browser
VIEW IN TELEGRAM
π¨noWAFplsπ¨
πBurp Plugin to Bypass WAFs through the insertion of Junk Data
π https://github.com/assetnote/nowafpls
πBurp Plugin to Bypass WAFs through the insertion of Junk Data
π https://github.com/assetnote/nowafpls
π3π₯1π€―1
π¨CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server
πIt allows remote attackers to execute arbitrary code on affected servers without authentication, potentially leading to data breaches, ransomware attacks, and complete system compromise.
π₯PoC: https://github.com/rapid7/metasploit-framework/pull/19240
π₯Dorks:
Hunter: /product.name="HTTP File Server" and web.body="Rejetto"
FOFA: product="HFS"
SHODAN: product:"HttpFileServer httpd"
#Rejetto #HFS #bugbounty #bugbountytips #cybersecurity #pentesting
πIt allows remote attackers to execute arbitrary code on affected servers without authentication, potentially leading to data breaches, ransomware attacks, and complete system compromise.
π₯PoC: https://github.com/rapid7/metasploit-framework/pull/19240
π₯Dorks:
Hunter: /product.name="HTTP File Server" and web.body="Rejetto"
FOFA: product="HFS"
SHODAN: product:"HttpFileServer httpd"
#Rejetto #HFS #bugbounty #bugbountytips #cybersecurity #pentesting
π₯2