Forwarded from Proxy Bar
Confluence zero-day RCE (CVE-2022-26134)
HERE is a full description of the infection and post-exploitation stages.
Since there is no patch yet, admins have to monitor nginx logs for the attacker IP addresses that got burned during the investigation. The database of these IPs is being replenished (it also contains public VPN addresses - don't accidentally ban your own ass).
You can grab the script here - run it over your own server.
Waiting for a public PoC
#rce #confluence
Forwarded from Proxy Bar
Confluence zero-day RCE (CVE-2022-26134): Update
That's it, we've got it, 🪖 it's out in public)))
google "Through the Wire"
#rce #exploit #confluence
GitHub - jbaines-r7/through_the_wire: CVE-2022-26134 Proof of Concept
https://octagon.net/blog/2022/05/29/bypass-csp-using-wordpress-by-abusing-same-origin-method-execution/
https://youtu.be/qd5TPWlAW30
YouTube
Using Wordpress for CSP Bypass by exploiting SOME
There is a way to bypass CSP on sites that use Wordpress on a subdomain or a directory by exploiting a SOME vulnerability abusing a jsonp endpoint.
#Beacon
https://www.netspi.com/blog/technical/web-application-penetration-testing/java-deserialization-attacks-burp/
YouTube
Finding & Exploiting Java Deserialization Automatically | Burp Plugin
Take a look at how you can find Java deserialization vulnerabilities without using the ysoserial tool manually.
Ask your question on Discord server, link below.
My microphone was disconnected & I thought it was recording - that is why audio is a bit rough.
…
#Beacon
https://github.com/joaomatosf/jexboss
YouTube
Vulnerability Facebook { JBoss jmx console deserialization Bug Bounty }
Description Impact
Full details
while I was browsing Facebook I noticed that the page was using JBoss, so I decided to check whether there were any flaws or exposed services, and that's when I found some interesting things such as…
Forwarded from beacon private!
Bug Bounty Hunting Search Engine
Bug Bounty Writeups 2010-2022
Pentest Book
Hacking Articles
HackTricks
0xdf hack stuff [HTB]
Discord Resources - Search Engine
Aldeid: Penetration Testing
iRedTeam - RedTeam Experiments
InfoSecMatter Practical CyberSecurity
Bugbountyhunting
BugBountyHunting.com - A community-curated Resource for Bug Bounty Hunting
BugBountyHunting.com collects writeups, resources and content related to bug bounty hunting to help you access them quickly.
Its goal is to help beginners starting in web application security to learn more about bug bounty hunting.
Forwarded from #Arm1tage
Labs Detectify
10 Types of Web Vulnerabilities that are Often Missed - Labs Detectify
Crowdsource hackers Hakluke and Farah Hawa share the top web vulnerabilities that are often missed during security testing. When hunting for bugs, especially on competitive bug bounty ...
Forwarded from PT SWARM
Account hijacking using "dirty dancing" in sign-in OAuth-flows
👤 by Frans Rosén
Combining response-type switching, invalid state and redirect-uri quirks using OAuth, with third-party javascript-inclusions has multiple vulnerable scenarios where authorization codes or tokens could leak to an attacker. This could be used in attacks for single-click account takeovers. Frans Rosén, Security Advisor at Detectify goes through three different scenarios found in the wild below and also suggests ways to reduce the risk.
📝 Contents:
• Background
• Current state and assumptions about OAuth credential leakage
• Explanation of different OAuth-dances
• Response modes
• A theory: stealing tokens through postMessage
• It took a lot of time to get here
• Non-happy paths in the OAuth-dance
• Break state intentionally
• Response-type/Response-mode switching
• Redirect-uri case shifting
• Redirect-uri path appending
• Redirect-uri parameter appending
• Redirect-uri leftovers or misconfigurations
• I ended up on a non-happy path. Now what?
• Here be more time
• URL-leaking gadgets
• Other ideas for leaking URLs
• A page on a domain that routes any postMessage to its opener
• Conclusion
• How can we fix this?
• How to reduce the risk
https://labs.detectify.com/2022/07/06/account-hijacking-using-dirty-dancing-in-sign-in-oauth-flows/