Ninjasworkout: Vulnerable NodeJS Web Application.
ADDED BUGS:
Prototype Pollution - 1
NoSQL Injection - 2
Cross-Site Scripting - 3
Broken Access Control - 4
Broken Session Management - 5
Weak Regex Implementation - 6
Race Condition - 7
CSRF - Cross-Site Request Forgery - 8
Weak Brute-Force Protection - 9
User Enumeration - 10
Reset Password Token Leaking in Referrer - 11
Reset Password Bugs - 12
Sensitive Data Exposure - 13
Unicode Case Mapping Collision - 14
File Upload - 15
SSRF - 16
XXE
Open Redirection - 17
Directory Traversal - 18
Insecure Deserialization => Remote Code Execution - 19
https://github.com/effortlessdevsec/ninjasworkout
GitHub - akr3ch/BugBountyBooks: A collection of PDF/books about the modern web application security and bug bounty.
Github subdomain takeover
Reward: $200
Program: Public
dev[.]to: https://dev.to/c4ng4c31r0/github-subdomain-takeover-3j6k
Price Tampering & Stored XSS Bug PoC | Price Manipulation | CodePrefer ---> https://t.iss.one/brutsecurity_poc/24
Awesome Cyber Security University
https://brootware.github.io/awesome-cyber-security-university/
Don't forget to give reactions.
CVE-2024-11187, CVE-2024-12705: Vulnerabilities in BIND DNS software, 7.5 rating
Two vulnerabilities in BIND allow denial of service (DoS) against DNS servers, which can be a preparatory step before the main attacks.
Search at Netlas.io:
Link: https://nt.ls/bGSFv
Dork: dns.banner:"BIND" OR dns_tcp.banner:"BIND"
Read more: https://kb.isc.org/docs/cve-2024-12705
ProjectSend IDOR ---> https://t.iss.one/brutsecurity_poc/29
Join the Brut Security Discord Server! Check out the Brut Security community on Discord - hang out with 950 other members and enjoy free voice and text chat.
At the time of publication, none of the scripts were flagged by antivirus systems. However, typically within 2-3 weeks after publication, some vendors begin to detect and flag the malicious files.
https://t.iss.one/brutsecurity_poc/33