Latest Nuclei Release v2.9.3 (bugfix release)!
https://github.com/projectdiscovery/nuclei/releases/tag/v2.9.3
https://github.com/projectdiscovery/nuclei/releases/tag/v2.9.3
GitHub
Release v2.9.3 (bugfix release) · projectdiscovery/nuclei
What's Changed
Added support to expose DNS response as dsl field by @ShubhamRasal in #3613
Added support to filter templates based on classification by @iamargus95 in #3606
Added check to make...
Added support to expose DNS response as dsl field by @ShubhamRasal in #3613
Added support to filter templates based on classification by @iamargus95 in #3606
Added check to make...
👍6
Bypass IIS Authorisation with this One Weird Trick - Three RCEs and Two Auth Bypasses in Sitecore 9.3
https://blog.assetnote.io/2023/05/10/sitecore-round-two/
https://blog.assetnote.io/2023/05/10/sitecore-round-two/
👍1
Microsoft patches bypass for recently fixed Outlook zero-click bug.
https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-bypass-for-recently-fixed-outlook-zero-click-bug/
https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-bypass-for-recently-fixed-outlook-zero-click-bug/
BleepingComputer
Microsoft patches bypass for recently fixed Outlook zero-click bug
Microsoft fixed a security vulnerability this week that could be used by remote attackers to bypass recent patches for a critical Outlook zero-day security flaw abused in the wild.
👍3
Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services
https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services
https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services
salt.security
New OAuth Vulnerability Impacts Hundreds of Online Services
OAuth vulnerability earns CVE-2023-28131. Salt exposes a new vulnerability in the popular OAuth framework, used in hundreds of online services.
👍4
Reversing Flutter-based Android Malware “Fluhorse”
https://www.fortinet.com/blog/threat-research/fortinet-reverses-flutter-based-android-malware-fluhorse
https://www.fortinet.com/blog/threat-research/fortinet-reverses-flutter-based-android-malware-fluhorse
Fortinet Blog
Fortinet Reverses Flutter-based Android Malware “Fluhorse”
Gain insights into the Fluhorse malware campaign as we've managed to fully reverse engineer the malicious Flutter applications. Learn more.…
👍2
A very good XSS writeup for CTF set by 'intigriti' team.
https://infosecwriteups.com/xss-intigriti-challenge-dae2dba1cb4c
https://infosecwriteups.com/xss-intigriti-challenge-dae2dba1cb4c
Medium
XSS Intigriti challenge 0523
Let me explain how did I overcome this XSS challenge set up by the bug bounty platform Intigriti. It may be a source of inspiration for…
👍1
■■□□□ SQL Injection cheatsheet.
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection
GitHub
PayloadsAllTheThings/SQL Injection at master · swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF - swisskyrepo/PayloadsAllTheThings
👍2
http://www.kamilonurozkaleli.com/posts/a-classical-account-takeover-case-via-multiple-bypasses/
Host header injection & account takeover(CDN akamai bypass)
Host header injection & account takeover(CDN akamai bypass)
Kamil Onur Özkaleli as ko2sec
A Classical Account Takeover Case via Multiple Bypasses
Introduction Recently I found a password reset/recovery flaw in a program at Synack. The vulnerability is the classical password reset link manipulation via Host Header Injection but rather than the vulnerability itself, the way how I managed to exploit it…