Please open Telegram to view this post
VIEW IN TELEGRAM
π₯2
ffuf -c -ac -r -u https://target[.]com/FUZZ -w wordlist.txt
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - six2dez/OneListForAll: Rockyou for web fuzzing
Rockyou for web fuzzing. Contribute to six2dez/OneListForAll development by creating an account on GitHub.
π₯5
CVE-2024-6385: Improper Access Control in GitLab, 9.6 rating π₯
The new vulnerability allows an attacker to run pipeline jobs with the rights of any other user.
Search at Netlas.io:
π Link: https://nt.ls/HvsUY
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Read more: https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/
The new vulnerability allows an attacker to run pipeline jobs with the rights of any other user.
Search at Netlas.io:
π Link: https://nt.ls/HvsUY
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Read more: https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
CVE-2024-4879 | Template Injection Vulnerability in ServiceNow | Bug Bounty POC | Brut Security
π¨CVE-2024-4879 & CVE-2024-5217: ServiceNow Security Vulnerabilities Expose Businesses to RCE and Data Breaches
βThese vulnerabilities enable unauthenticated remote attackers to execute arbitrary code within the Now Platform,
potentially leading to completeβ¦
βThese vulnerabilities enable unauthenticated remote attackers to execute arbitrary code within the Now Platform,
potentially leading to completeβ¦
π€‘2β€1π₯1
Brut Security
Please open Telegram to view this post
VIEW IN TELEGRAM
π4
Brut Security
Parameters where you can try Command Injection. ?cmd={payload} ?exec={payload} ?command={payload} ?execute{payload} ?ping={payload} ?query={payload} ?jump={payload} ?code={payload} ?reg={payload} ?do={payload} ?func={payload} ?arg={payload} β¦
Keep Checking Old Posts πΏ
Please open Telegram to view this post
VIEW IN TELEGRAM
π2
url/?f=etc/passwd ==> 403
encode etc/passwd as base64
url/?f=L2V0Yy9wYXNzd2Q= ==> 200
#note
you can use this trick in SQL , SSTI , XSS , LFI , Etc...
By:@GodfatherOrwa
#bugbountytips #BugBounty
encode etc/passwd as base64
url/?f=L2V0Yy9wYXNzd2Q= ==> 200
#note
you can use this trick in SQL , SSTI , XSS , LFI , Etc...
By:@GodfatherOrwa
#bugbountytips #BugBounty
π10π₯2π€2β€1
This media is not supported in your browser
VIEW IN TELEGRAM
Meme Time π€
Please open Telegram to view this post
VIEW IN TELEGRAM
π€£4
Please open Telegram to view this post
VIEW IN TELEGRAM
WhatsApp.com
Brut Security Academy
Business Account
Find public files in Amazon S3
http://s3digger.com
Find public files in Dropbox
https://drodigger.com
Find public files in Disk Yandex
https://yadigger.com
Find public files in Google Drive
https://drodigger.com
Find public files in other file sharing sites
https://fidigger.com
Find public files on url shortening sites
https://shortdigger.com
http://s3digger.com
Find public files in Dropbox
https://drodigger.com
Find public files in Disk Yandex
https://yadigger.com
Find public files in Google Drive
https://drodigger.com
Find public files in other file sharing sites
https://fidigger.com
Find public files on url shortening sites
https://shortdigger.com
π4β€2
Please open Telegram to view this post
VIEW IN TELEGRAM
β€11π4
Brut Security
/****/: This is a directory traversal sequence, which is used to navigate through the file system. The **** is a common pattern used to traverse directories, allowing an attacker to access files outside of the web root.
π4