CVE-2025-21535: Server Takeover in Oracle WebLogic, 9.8 rating π₯
An easily exploitable vulnerability in the Core component allows an unauthenticated attacker to remotely compromise a WebLogic server.
Search at Netlas.io:
π Link: https://nt.ls/6EpWK
π Dork: protocol:t3 OR protocol:t3s
Vendor's advisory: https://www.oracle.com/security-alerts/cpujan2025.html#AppendixFMW
An easily exploitable vulnerability in the Core component allows an unauthenticated attacker to remotely compromise a WebLogic server.
Search at Netlas.io:
π Link: https://nt.ls/6EpWK
π Dork: protocol:t3 OR protocol:t3s
Vendor's advisory: https://www.oracle.com/security-alerts/cpujan2025.html#AppendixFMW
π6π«‘1
Please open Telegram to view this post
VIEW IN TELEGRAM
π11π₯5β€3
Please open Telegram to view this post
VIEW IN TELEGRAM
Brut Security pinned Β«βΆοΈ Explore Bug Bounty POC Videos: https://t.iss.one/brutsecurity_pocΒ»
Please open Telegram to view this post
VIEW IN TELEGRAM
jasper-join-7e5 on Notion
IDOR Cheat Sheet | Notion
What if I told you that there is a web application vulnerability so simple to exploit, that it could make bug hunting feel like a breeze?
π12π₯2β€1
New Business Logic POC Video Shared -https://t.iss.one/brutsecurity_poc/9
π₯4β€1
CVE-2025-0314 and other: Multiple vulnerabilities in GitLab, 4.3 - 8.7 ratingβοΈ
In a recent advisory, GitLab writed about three vulnerabilities, including stored XSS, resource exhaustion, and protected CI/CD variables exfiltration.
Search at Netlas.io:
π Link: https://nt.ls/BNKS8
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/
In a recent advisory, GitLab writed about three vulnerabilities, including stored XSS, resource exhaustion, and protected CI/CD variables exfiltration.
Search at Netlas.io:
π Link: https://nt.ls/BNKS8
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/
π€4
site:*.example.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)Please open Telegram to view this post
VIEW IN TELEGRAM
π16π₯13β€1
echo "target.com" | gau --blacklist jpg,jpeg,gif,css,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg \| grep -E "\.js($|\?.*)" \
| httpx -er "(?:(https?|ftp|git|ssh|telnet|smtp|imap|pop3|ldap|sftp|smb|nfs|rtmp|rtsp|ws|wss|irc|news|gopher|rsync|data):\/\/|\/)[^\s\"'\*\(\){};\\\^\$\&<>/\\?#]+(?:\?[^\s\"'<>/\\?#]+)?(?:\/[^\s\"'<>/\\?#]+)*" \-json -mr "application/javascript|text/javascript" \
| jq -r '.extracts[]' | tr -d '[],'Please open Telegram to view this post
VIEW IN TELEGRAM
β€20π₯16π³1
Where is the reaction guys? It's a good way to support the channel, so please do leave your reaction to grow this community. Thanks!
β οΈ Join Our Discussion Group - https://t.iss.one/brutsec
Please open Telegram to view this post
VIEW IN TELEGRAM
Telegram
Discussion
Community Discussion
β€16π³10π₯5
β‘Ultimate FFUF Cheat Sheet!
πhttps://medium.com/h7w/ultimate-ffuf-cheatsheet-advanced-fuzzing-tactics-for-pro-bug-hunters-492598750150
π
β€16π₯3π¨βπ»1
This media is not supported in your browser
VIEW IN TELEGRAM
Top 10 OffSec Certifications - Salary Wiseπ±
Please open Telegram to view this post
VIEW IN TELEGRAM
β€11
Use shell globbing / wildcard expansion. Here is an example
cat /e*c/p*s*d cat /etc/passwd. But how? Before cat runs, the shell expands the glob pattern /e*c/p*s*d to match actual files and directories in the filesystem.
/e*c:
/p*s*d:Please open Telegram to view this post
VIEW IN TELEGRAM
π19π«‘7