🤔Question of the day: How to Spot CORS Misconfigurations?
Tweet by jayesh35_ : https://x.com/Jayesh25_/status/1730131194702958603?s=20
Tweet by jayesh35_ : https://x.com/Jayesh25_/status/1730131194702958603?s=20
❤19
🦗CVE : CVE-2023-38146
CVE Series : #1
A High-Risk Windows Themes Vulnerability
• Type: Remote Code Execution (RCE) ⚠️
• Affected Software: Windows 11
• CVSS Score: 8.8 (High Severity)
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732049554504052876?s=20
CVE Series : #1
A High-Risk Windows Themes Vulnerability
• Type: Remote Code Execution (RCE) ⚠️
• Affected Software: Windows 11
• CVSS Score: 8.8 (High Severity)
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732049554504052876?s=20
❤7👍2🤣1
🦗CVE : CVE-2023-49733
CVE Series : #2
Improper Restriction of XML External Entity Reference in Apache Cocoon
• Type: inject malicious code into XML documents
• Affected Software: Apache Cocoon
• CVSS Score: 9.8 (Critical Severity)
• Impact: RCE
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732817325261283513?s=20
CVE Series : #2
Improper Restriction of XML External Entity Reference in Apache Cocoon
• Type: inject malicious code into XML documents
• Affected Software: Apache Cocoon
• CVSS Score: 9.8 (Critical Severity)
• Impact: RCE
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732817325261283513?s=20
❤6🔥5👍1
🚀Question of the day: How to approach GraphQL Targets?
Unlock the full potential of GraphQL with these pro tips for tackling your bug bounty targets:
1️⃣ Retrieve the GraphQL Schema for hidden Queries/Mutations: If introspection is enabled, you can obtain the GraphQL Schema, revealing all GraphQL Operations and Mutations using the following GraphQL Query:
{"query":"{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}"}
Introspection Disabled? Don't worry; here are some more ideas that can help you uncover those hidden GraphQL Queries/Mutations:
1️⃣ JavaScript - Retrieve GraphQL Queries and Mutations from JavaScript files when introspection is disabled. These files may list hidden methods not accessible via the app's regular functionality. Try making direct requests to these.
2️⃣ GraphQL Operation discovery via Brute Force - Clairvoyance is an excellent tool that helps obtain the GraphQL API schema via brute force even if introspection is disabled. It produces the GraphQL schema in JSON format. You can install the tool at https://github.com/nikitastupin/clairvoyance.
3️⃣ View the Schema and Continue Testing - Upload the identified operations/schema to other tools such as GraphQL Voyager, InQL, or graphql-path-enum, and start testing for GraphQL-specific security issues.
Next up: We'll talk about JS monitoring for identifying new GraphQL Operations/Mutations that you can be alerted to and test as soon as they're discovered! 🚀💻 #BugBounty #InfoSec #GraphQL #Security #BugBountyTips #HackerOne #BugCrowd #Cybersecurity
Unlock the full potential of GraphQL with these pro tips for tackling your bug bounty targets:
1️⃣ Retrieve the GraphQL Schema for hidden Queries/Mutations: If introspection is enabled, you can obtain the GraphQL Schema, revealing all GraphQL Operations and Mutations using the following GraphQL Query:
{"query":"{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}"}
Introspection Disabled? Don't worry; here are some more ideas that can help you uncover those hidden GraphQL Queries/Mutations:
1️⃣ JavaScript - Retrieve GraphQL Queries and Mutations from JavaScript files when introspection is disabled. These files may list hidden methods not accessible via the app's regular functionality. Try making direct requests to these.
2️⃣ GraphQL Operation discovery via Brute Force - Clairvoyance is an excellent tool that helps obtain the GraphQL API schema via brute force even if introspection is disabled. It produces the GraphQL schema in JSON format. You can install the tool at https://github.com/nikitastupin/clairvoyance.
3️⃣ View the Schema and Continue Testing - Upload the identified operations/schema to other tools such as GraphQL Voyager, InQL, or graphql-path-enum, and start testing for GraphQL-specific security issues.
Next up: We'll talk about JS monitoring for identifying new GraphQL Operations/Mutations that you can be alerted to and test as soon as they're discovered! 🚀💻 #BugBounty #InfoSec #GraphQL #Security #BugBountyTips #HackerOne #BugCrowd #Cybersecurity
GitHub
GitHub - nikitastupin/clairvoyance: Obtain GraphQL API schema even if the introspection is disabled
Obtain GraphQL API schema even if the introspection is disabled - nikitastupin/clairvoyance
🔥9👍3❤2
🦗CVE : CVE-2023-49070
CVE Series : #3
Apache OFBiz Pre-authentication RCE Vulnerability
• Type: Code injection (CWE-94)⚠️
• Affected Software: Apache OFBiz versions prior to 18.12.10
• CVSSv3 Base Score: 9.8 (Critical Severity)
Dive into the details 🧵:👇
https://x.com/vulncure/status/1733545000363819108?s=20
CVE Series : #3
Apache OFBiz Pre-authentication RCE Vulnerability
• Type: Code injection (CWE-94)⚠️
• Affected Software: Apache OFBiz versions prior to 18.12.10
• CVSSv3 Base Score: 9.8 (Critical Severity)
Dive into the details 🧵:👇
https://x.com/vulncure/status/1733545000363819108?s=20
🔥9👍2👏1
Bugbounty Reports in Thread🧵
Bug: Blind SQL injection on id\.indrive\.com
Type: SQL Injection
Program: inDrive
Siverity: Critical (9 ~ 10)
Bounty: $4,134
Dive into the details 🧵:📷
https://x.com/vulncure/status/1734908685103575408?s=20
Bug: Blind SQL injection on id\.indrive\.com
Type: SQL Injection
Program: inDrive
Siverity: Critical (9 ~ 10)
Bounty: $4,134
Dive into the details 🧵:📷
https://x.com/vulncure/status/1734908685103575408?s=20
❤12👍4🔥2🤡1
Guys we are taking a live session for Bug Hunter & Pentesters at Sun 16 dec IST.
Anonymous Poll
48%
Time : 9PM IST
52%
Time : 10PM IST
Note📌 : This Meet is going to be Simple & easy with normal day to day question in 🐛 bug hunter's life
Lang : Hindi
At 10PM IST Tomorrow { Telegram's Channel Meet }
Lang : Hindi
At 10PM IST Tomorrow { Telegram's Channel Meet }
😢15👍6🍾4😁3
Thank You Guys, So much for joining the Meet 🌿🍁
Special thanks 👍 To Our Team:
1. twitter.com/Anukulhexx
2. twitter.com/hack_learners
3. twitter.com/radhasec
4. twitter.com/TecholicKamal
5. twitter.com/RajNamdevv
For handling this Meet
Special thanks 👍 To Our Team:
1. twitter.com/Anukulhexx
2. twitter.com/hack_learners
3. twitter.com/radhasec
4. twitter.com/TecholicKamal
5. twitter.com/RajNamdevv
For handling this Meet
❤9👍1
PART 1
🍏 Let's Exploit the Nodejs Application :
https://x.com/vulncure/status/1736816422217527727?s=20
🍏 Let's Exploit the Nodejs Application :
https://x.com/vulncure/status/1736816422217527727?s=20
🔥7👍4👌1
PART 2 ⤵️
🍏 Exploit Nodejs Application To RCE
In Part 1, We talked about the Nodejs global process that can used to get better control over system interactions
We sawn that Nodejs Application wouldn't have sanitized the eval() .
Well, Now we'll deal with the file system of instance running Nodejs Application
Read More :
https://x.com/vulncure/status/1737169125267415403?s=20
🍏 Exploit Nodejs Application To RCE
In Part 1, We talked about the Nodejs global process that can used to get better control over system interactions
We sawn that Nodejs Application wouldn't have sanitized the eval() .
Well, Now we'll deal with the file system of instance running Nodejs Application
Read More :
https://x.com/vulncure/status/1737169125267415403?s=20
❤6😱1
🎉 Happy New Year Guys 🎊
Hope you're doing well and if not, you have new year to start with new mindset and methodology to Succeed
All the Best 🥳
Hope you're doing well and if not, you have new year to start with new mindset and methodology to Succeed
All the Best 🥳
❤23🎉4👍2👏2👀1
IDOR.pdf
78.5 KB
🔥31👍7⚡2👀1
2FA Bypass.pdf
301.4 KB
🔥25👍4❤3😁1
reset pass checklist.pdf
97.4 KB
❤14🔥6👍3🕊1