Forwarded from Brut Security
CVE-2025-5777 (CitrixBleed 2): critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices
Severity: CRITICAL
PoC: https://github.com/win3zz/CVE-2025-5777
Fresh BB Target: https://www.elca.ch/.well-known/security.txt
Forwarded from Brut Security
Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting the WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets.
https://github.com/ill-deed/CVE-2025-34085-Multi-target
Forwarded from Brut Security
BrutDroid 2.0 is a powerful, Windows-optimized toolkit designed specifically for Android Studio, streamlining the setup of a mobile penetration testing lab. Built to make Android pentesting effortless, it automates emulator creation, rooting, Frida server setup, and Burp Suite certificate installation. With a vibrant new UI and support for custom Frida scripts, BrutDroid empowers security researchers to focus on testing, not setup. Linux support is coming soon!
https://github.com/Brut-Security/BrutDroid
Don't forget to leave a star :)
Asset inventory of over 800 public bug bounty programs.
https://github.com/trickest/inventory
BB Target: https://www.nooks.ai/responsible-disclosure-process
Responsible Disclosure Process
Forwarded from Brut Security
CVE-2025-0133: Payload + Template
Payload:
%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E
Write-up: https://codewithvamp.medium.com/cve-2025-0133-reflected-xss-vulnerability-in-palo-alto-globalprotect-gateway-portal-028128f2f5b9
Template: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0133.yaml
Fresh BB Target: https://www.computerwaard.nl/.well-known/security.txt
Bug Bounty Programs Dork:
Coordinated Vulnerability Disclosure "app.zerocopter.com"
Forwarded from Brut Security
Safari Address Bar Spoof via Cursor Overlap
https://github.com/RenwaX23/X/blob/master/safari_bug2.md
Forwarded from Brut Security
Happy Durga Puja to all Brut Security members! May Maa Durga bless you with strength, wisdom, and protection in every battle you fight, both in life and in cyberspace.
A quick way to find "all" paths for Next.js websites (run in the browser devtools console on the target page):
console.log(__BUILD_MANIFEST.sortedPages)
Or, one path per line:
console.log(__BUILD_MANIFEST.sortedPages.join('\n'));
Forwarded from Brut Security
Common Security Issues in Financially-Oriented Web Applications