X-Original-URL: /v1/api/endpoint_here
BOOM => Entire API routes disclosure.
Credit: @driccosec
CVE-2025-22609, -22611, -22612: Multiple vulnerabilities in Coolify, 10.0 rating
Three vulnerabilities of highest severity in Coolify allow for RCE, privilege escalation, and authentication bypass.
Search at Netlas.io:
Link: https://nt.ls/vUWWf
Dork: http.favicon.hash_sha256:eaf648b6000a49599ed58bda49e576d0f981e535a8075d524a4be890edcf96d0 AND uri:*login*
Vendor's advisory: https://github.com/coollabsio/coolify/security/advisories/GHSA-3w2c-jfr2-9pg9
tenten.online business logic BUG POC ---> https://t.iss.one/brutsecurity_poc/23
Where are the reactions?
Blackbird is a powerful OSINT tool designed for fast and efficient searches of user accounts by username or email across multiple platforms, streamlining digital investigations.
https://github.com/p1ngul1n0/blackbird
Ninjasworkout: Vulnerable NodeJS Web Application.
ADDED BUGS:
Prototype Pollution - 1
NoSQL Injection - 2
Cross Site Scripting - 3
Broken Access Control - 4
Broken Session Management - 5
Weak Regex Implementation - 6
Race Condition - 7
CSRF (Cross Site Request Forgery) - 8
Weak Bruteforce Protection - 9
User Enumeration - 10
Reset Password token leaking in Referrer - 11
Reset Password bugs - 12
Sensitive Data Exposure - 13
Unicode Case Mapping Collision - 14
File Upload - 15
SSRF - 16
XXE
Open Redirection - 17
Directory Traversal - 18
Insecure Deserialization => Remote Code Execution - 19
https://github.com/effortlessdevsec/ninjasworkout
GitHub - akr3ch/BugBountyBooks: A collection of PDF/books about modern web application security and bug bounty.
Github subdomain takeover
Reward: $200
Program: Public
dev[.]to: https://dev.to/c4ng4c31r0/github-subdomain-takeover-3j6k
Price Tampering & Store XSS Bug poc _ Price Manipulation _ CodePrefer ---> https://t.iss.one/brutsecurity_poc/24