The team at @OpenAI just fixed a critical account takeover vulnerability I reported a few hours ago affecting #ChatGPT.
https://x.com/naglinagli/status/1639343866313601024?s=20
It was possible to take over someone's account, view their chat history, and access their billing information without them ever realizing…
🔥First Step Toward Web Application Testing : 😎
We constantly come across web applications that are designed and configured differently. One of the most current and widely used methodologies for testing them is the OWASP Web Security Testing Guide: https://github.com/OWASP/wstg/tree/master/document/4-Web_Application_Security_Testing ❄️
One of the most common procedures is to start by reviewing the web application's front end components, such as HTML, CSS and JavaScript (also known as the front end trinity), and attempt to find vulnerabilities such as Sensitive Data Exposure { https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure } and Cross-Site Scripting (XSS) { https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS) }. 🌓
Once all front end components are thoroughly tested, we typically review the web application's core functionality and the interaction between the browser and the web server, enumerate the technologies the server uses, and look for exploitable flaws. We assess web applications from both an unauthenticated and an authenticated perspective (if the application has login functionality) to maximize coverage and review every possible attack scenario. ✨
🤔Question of the day: How to Spot CORS Misconfigurations?
Tweet by jayesh35_ : https://x.com/Jayesh25_/status/1730131194702958603?s=20
🦗CVE : CVE-2023-38146
CVE Series : #1
A High-Risk Windows Themes Vulnerability
• Type: Remote Code Execution (RCE) ⚠️
• Affected Software: Windows 11
• CVSS Score: 8.8 (High Severity)
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732049554504052876?s=20
🦗CVE : CVE-2023-49733
CVE Series : #2
Improper Restriction of XML External Entity Reference in Apache Cocoon
• Type: XML External Entity (XXE) injection (CWE-611)
• Affected Software: Apache Cocoon
• CVSS Score: 9.8 (Critical Severity)
• Impact: RCE
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732817325261283513?s=20
🚀Question of the day: How to approach GraphQL Targets?
Unlock the full potential of GraphQL with these pro tips for tackling your bug bounty targets:
1️⃣ Retrieve the GraphQL schema to find hidden queries/mutations: if introspection is enabled, you can obtain the schema, revealing every query, mutation and subscription, by sending the following introspection query as the JSON body of a POST to the GraphQL endpoint:
{"query":"{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}"}
Introspection disabled? Don't worry; here are some more ideas that can help you uncover those hidden GraphQL queries/mutations:
1️⃣ JavaScript - Retrieve GraphQL queries and mutations from the app's JavaScript files when introspection is disabled. These bundles often contain operations for features not reachable through the app's regular UI. Try sending them directly to the endpoint.
2️⃣ GraphQL operation discovery via brute force - Clairvoyance is an excellent tool that recovers the GraphQL API schema even when introspection is disabled, by guessing field names from a wordlist and using the server's "Did you mean ...?" field suggestions. It produces the schema in JSON format. You can install the tool from https://github.com/nikitastupin/clairvoyance.
3️⃣ View the Schema and Continue Testing - Upload the identified operations/schema to other tools such as GraphQL Voyager, InQL, or graphql-path-enum, and start testing for GraphQL-specific security issues.
Next up: We'll talk about JS monitoring for identifying new GraphQL Operations/Mutations that you can be alerted to and test as soon as they're discovered! 🚀💻 #BugBounty #InfoSec #GraphQL #Security #BugBountyTips #HackerOne #BugCrowd #Cybersecurity
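The introspection step above, as an added example that is not part of the original post: it builds the request body for the query shown, detects a server that answers the introspection query with an error instead of a schema, and flattens the returned schema into a list of root operations with their argument types. The response objects are constructed by hand to stand in for a real server reply; the helper names are assumptions for illustration.

```javascript
// Added example (not from the original post): build the introspection request,
// detect whether a server refused introspection, and list every query/mutation
// field with its arguments from an introspection result. The sample responses
// below are constructed by hand to stand in for a real server reply.

const INTROSPECTION_QUERY = "{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}";

// Request body exactly as it would be POSTed with Content-Type: application/json.
function introspectionRequestBody() {
  return JSON.stringify({ query: INTROSPECTION_QUERY });
}

// Render a TypeRef chain (NON_NULL / LIST wrappers around a named type) as SDL,
// e.g. [User!]!, so the operation listing is readable.
function typeRefToSdl(ref) {
  if (!ref) return "?";
  if (ref.kind === "NON_NULL") return `${typeRefToSdl(ref.ofType)}!`;
  if (ref.kind === "LIST") return `[${typeRefToSdl(ref.ofType)}]`;
  return ref.name;
}

// Many servers answer a blocked introspection query with an error instead of data.
function introspectionDisabled(response) {
  if (response.data && response.data.__schema) return false;
  return (response.errors || []).some((e) => /introspection/i.test(e.message || ""));
}

// Flatten the root types into strings like "Mutation.deleteUser(id: ID!): Boolean".
function listOperations(response) {
  const schema = response.data.__schema;
  const byName = Object.fromEntries(schema.types.map((t) => [t.name, t]));
  const roots = [
    ["Query", schema.queryType],
    ["Mutation", schema.mutationType],
    ["Subscription", schema.subscriptionType],
  ];
  const ops = [];
  for (const [label, root] of roots) {
    if (!root) continue;
    const type = byName[root.name];
    for (const f of (type && type.fields) || []) {
      const args = (f.args || []).map((a) => `${a.name}: ${typeRefToSdl(a.type)}`).join(", ");
      const flag = f.isDeprecated ? " [deprecated]" : "";
      ops.push(`${label}.${f.name}(${args}): ${typeRefToSdl(f.type)}${flag}`);
    }
  }
  return ops;
}

// Constructed sample: one query the UI uses and a mutation it never calls.
const SAMPLE_RESPONSE = {
  data: {
    __schema: {
      queryType: { name: "Query" },
      mutationType: { name: "Mutation" },
      subscriptionType: null,
      types: [
        { kind: "OBJECT", name: "Query", fields: [
          { name: "me", args: [], type: { kind: "OBJECT", name: "User", ofType: null }, isDeprecated: false },
        ] },
        { kind: "OBJECT", name: "Mutation", fields: [
          { name: "deleteUser",
            args: [{ name: "id", type: { kind: "NON_NULL", name: null, ofType: { kind: "SCALAR", name: "ID", ofType: null } } }],
            type: { kind: "SCALAR", name: "Boolean", ofType: null }, isDeprecated: false },
        ] },
        { kind: "OBJECT", name: "User", fields: [] },
      ],
      directives: [],
    },
  },
};

// Constructed sample of a server that has introspection switched off.
const DISABLED_RESPONSE = { errors: [{ message: "GraphQL introspection is not allowed" }] };

console.log(introspectionDisabled(DISABLED_RESPONSE) ? "introspection disabled" : "introspection enabled");
console.log(listOperations(SAMPLE_RESPONSE).join("\n"));
```

Run it against a real target by POSTing `introspectionRequestBody()` to the GraphQL endpoint and feeding the parsed JSON reply to `introspectionDisabled` and then `listOperations`; the mutation that never appears in the UI (here `deleteUser`) is the kind of operation worth testing first.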
🦗CVE : CVE-2023-49070
CVE Series : #3
Apache OFBiz Pre-authentication RCE Vulnerability
• Type: Code injection (CWE-94)⚠️
• Affected Software: Apache OFBiz versions prior to 18.12.10
• CVSSv3 Base Score: 9.8 (Critical Severity)
Dive into the details 🧵:👇
https://x.com/vulncure/status/1733545000363819108?s=20
Bug Bounty Reports in Thread 🧵
Bug: Blind SQL injection on id.indrive.com
Type: SQL Injection
Program: inDrive
Severity: Critical (9 ~ 10)
Bounty: $4,134
Dive into the details 🧵:👇
https://x.com/vulncure/status/1734908685103575408?s=20
Guys, we are holding a live session for bug hunters and pentesters on Sun 16 Dec (IST).
Anonymous poll:
• Time: 9PM IST (48%)
• Time: 10PM IST (52%)
Note📌 : This meet is going to be simple and easy, covering the normal day-to-day questions in a 🐛 bug hunter's life
Lang : Hindi
At 10PM IST Tomorrow { Telegram's Channel Meet }
Thank you so much, guys, for joining the meet 🌿🍁
Special thanks 👍 to our team:
1. twitter.com/Anukulhexx
2. twitter.com/hack_learners
3. twitter.com/radhasec
4. twitter.com/TecholicKamal
5. twitter.com/RajNamdevv
for handling this meet
PART 1
🍏 Let's Exploit the Node.js Application:
https://x.com/vulncure/status/1736816422217527727?s=20
PART 2 ⤵️
🍏 Exploit the Node.js Application to RCE
In Part 1, we talked about the Node.js global `process` object, which can be used to get better control over system interactions.
We saw that the Node.js application did not sanitize the input it passed to eval().
Now we'll deal with the file system of the instance running the Node.js application.
Read more:
https://x.com/vulncure/status/1737169125267415403?s=20
🎉 Happy New Year, guys 🎊
Hope you're doing well, and if not, you have a new year to start with a new mindset and methodology to succeed.
All the best 🥳
Attachment: IDOR.pdf (78.5 KB)