CVE-2019-10092_Docker: CVE-2019-10092 Docker - Apache HTTP Server
Limited Cross-Site Scripting(XSS) in mod_proxy Error Page
A limited cross-site scripting issue was found in the mod_proxy error page.
An attacker could cause the link on the error page to be malformed and instead point to a page of their choice.
This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
https://github.com/motikan2010/CVE-2019-10092_Docker
GitHub
GitHub - motikan2010/CVE-2019-10092_Docker: CVE-2019-10092 Docker - Apache HTTP Server
Using Flight Tracking For Geolocation
https://nixintel.info/osint/using-flight-tracking-for-geolocation-quiztime-30th-october-2019/
Forwarded from The Hacker News
🎉 Great news for hackers!
Apple finally opens its invite-only ‘Bug Bounty Program’ to all researchers with increased payouts up to $1.5 million, rewarding for responsibly reporting security vulnerabilities in the latest publicly available versions of iOS, macOS, watchOS, tvOS, iPadOS, and iCloud, and, where relevant, on the latest publicly available hardware.
https://thehackernews.com/2019/12/apple-bug-bounty-program.html
tpx Security ⠠⠵
https://twitter.com/AndroidCerberus/status/1208140086702940162
Forwarded from The Bug Bounty Hunter
CRLF injection
https://hackerone.com/reports/446271
HackerOne
X / xAI disclosed on HackerOne: CRLF injection
https://ads.twitter.com was vulnerable to HTTP response splitting in the endpoint https://ads.twitter.com/subscriptions/mobile/landing that allows an attacker to add a malicious header in the...
CVE-2019-19844: possible account takeover via the password key, PoC for Django
https://github.com/ryu22e/django_cve_2019_19844_poc/
Details:
https://ryu22e.org/posts/2019/12/23/django-cve-2019-19118/
GitHub
GitHub - ryu22e/django_cve_2019_19844_poc: PoC for CVE-2019-19844(https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)
Forwarded from The Bug Bounty Hunter
RCE with Burp Suite intruder + Regex https://www.youtube.com/watch?v=Xm77r80NxZo
YouTube
Detection RCE technique with Burp suite.
I am using regex for detection vulns and errors in response.
Regex: https://github.com/ghsec/webHunt/blob/master/ErrorsAndVulnsDetect.md
Payloads: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/C…