CVE-2024-55573, -53923: SQLi in Centreon, 9.1 rating π₯
The vulnerabilities allow an attacker with high privileges to perform SQL injection into a form for uploading media.
Search at Netlas.io:
π Link: https://nt.ls/NETLB
π Dork: http.favicon.hash_sha256:795c0f8c1ff23b992d6ccb91df5e6488d4c259585da58b2e2f8eeee71147516a OR http.favicon.hash_sha256:c95e0dc8a2cc9a45d29c5381e62e48bde88f661408d4b811e72933fa7da32d4e
Vendor's advisory: https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55573-centreon-web-critical-severity-4264
The vulnerabilities allow an attacker with high privileges to perform SQL injection into a form for uploading media.
Search at Netlas.io:
π Link: https://nt.ls/NETLB
π Dork: http.favicon.hash_sha256:795c0f8c1ff23b992d6ccb91df5e6488d4c259585da58b2e2f8eeee71147516a OR http.favicon.hash_sha256:c95e0dc8a2cc9a45d29c5381e62e48bde88f661408d4b811e72933fa7da32d4e
Vendor's advisory: https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55573-centreon-web-critical-severity-4264
π₯6π1π«‘1
Fortinet FortiOS Authentication Bypass CVE-2024-55591
Query:
HUNTER:/product.name="Fortinet Firewall"
FOFA: product="FORTINET-Firewall"
SHODAN: instances running fortigate:
http.favicon.hash:945408572
ZoomEye Dork: app="Fortinet Firewall"
#BugBounty #CyberSecurity
Query:
HUNTER:/product.name="Fortinet Firewall"
FOFA: product="FORTINET-Firewall"
SHODAN: instances running fortigate:
http.favicon.hash:945408572
ZoomEye Dork: app="Fortinet Firewall"
#BugBounty #CyberSecurity
π9β€4π₯1
Extract all endpoints from a JS File and take your bug π
β Method one
β Method two
#infosec #cybersec #bugbountytips
β Method one
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?
15*[=: 1\5*[ '\"]?[^'\"]+.js[^'|"> ]*" | awk -F '/'
'{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh
-c "curl -k -s \"%)" | sed \"s/[;}\)>]/\n/g\" | grep -Po \" (L'1|\"](https?: )?[/1{1,2}[^'||l"> 1{5,3)|(\.
(get|post|ajax|load)\s*\(\5*['||\"](https?:)?[/1{1,2}[^'||\"> ]
{5,})\"" | awk -F "['|"]" '{print $2}' sort -fu
β Method two
cat JS.txt | grep -aop "(?<=(\"|\'|' ))\/[a-zA-Z0-9?&=\/-#.](?= (\"||'|'))" | sort -u | tee JS.txt
#infosec #cybersec #bugbountytips
π11π₯3β€2
πConfig Repo- https://github.com/shellvik/shvbox/
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯4π2
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯4
Forwarded from Mr Rahim
This media is not supported in your browser
VIEW IN TELEGRAM
Tech industry Right now
π€£10π1
π Link Gopherπ Adblock Plusπ FoxyProxy Standardπ Video Speed Controllerπ Check XSSπ HackToolsπ Bulk URL Openerπ Temp Mailπ JS Beautify CSS HTMLπ Multi-Account Containers
π
TruffleHog
π
Code Formatter
π
Freedium Extension
π
BuiltWith
π
Wappalyzer
π
WhatRuns
π
Retire.js
π
Cookie Extractor
π
Wayback Machine
π
EXIF Data Viwer
π
Shodan
π
S3 Bucket List
π
Ublock Origin
π
Resources Saver
π
Dot Git
π
EndPointer
Please open Telegram to view this post
VIEW IN TELEGRAM
π€16π₯7β€4π3
X-Originaal-URL: /v1/api/endpoint_here
BOOM => Entire API routes disclosure.
Credit: @driccosec
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯18β€5π1
CVE-2025-22609, -22611, -22612: Multiple vulnerabilities in Coolify, 10.0 rating π₯π₯π₯
Three vulnerabilities of highest severity in Coolify allow for RCE, privilege escalation, and authentication bypass.
Search at Netlas.io:
π Link: https://nt.ls/vUWWf
π Dork: http.favicon.hash_sha256:eaf648b6000a49599ed58bda49e576d0f981e535a8075d524a4be890edcf96d0 AND uri:*login*
Vendor's advisory: https://github.com/coollabsio/coolify/security/advisories/GHSA-3w2c-jfr2-9pg9
Three vulnerabilities of highest severity in Coolify allow for RCE, privilege escalation, and authentication bypass.
Search at Netlas.io:
π Link: https://nt.ls/vUWWf
π Dork: http.favicon.hash_sha256:eaf648b6000a49599ed58bda49e576d0f981e535a8075d524a4be890edcf96d0 AND uri:*login*
Vendor's advisory: https://github.com/coollabsio/coolify/security/advisories/GHSA-3w2c-jfr2-9pg9
tenten.online business logic BUG POC ---> https://t.iss.one/brutsecurity_poc/23
π10π3
Where is the reactions π₯
Please open Telegram to view this post
VIEW IN TELEGRAM
πΏ13π4π³3π2
π‘Blackbird is a powerful OSINT tool designed for fast and efficient searches of user accounts by username or email across multiple platforms, streamlining digital investigations.
https://github.com/p1ngul1n0/blackbird
https://github.com/p1ngul1n0/blackbird
π₯10π5π€2
This media is not supported in your browser
VIEW IN TELEGRAM
π€£15π1π1