Forwarded from Mr Rahim
ONE OF MY BEST FINDINGS OF 2024 UPLOADED IN POC CHANNEL https://t.iss.one/brutsecurity_poc/36
RustScan is an ultra-fast port scanner written in Rust (e.g., it can scan 64K ports in mere seconds). It passes the results directly to Nmap for in-depth service enumeration and vulnerability analysis. This integration streamlines workflows by combining RustScan's speed with Nmap's detailed scanning capabilities.
RustScan is available on #Linux, #macOS and #Android termux
https://github.com/RustScan/RustScan
SubScan: A Chrome Extension for Bug Bounty Hunters
Check it out here:
https://github.com/Ractiurd/SubScan
CVE-2024-56529: Session Fixation in Mailcow, 7.5 rating
The application does not disable old session IDs, which allows a remote attacker to use existing IDs in the victim's browser.
Search at Netlas.io:
Link: https://nt.ls/AuyJw
Dork: http.title:"mailcow UI"
Vendor's advisory: https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-23c8-4wwr-g3c6
where is the reaction guysss?
Unauthorized Data Upload in Alibaba Cloud - PoC by Chirag Artani
A new video is out on our friend's channel, showcasing the discovery of a fresh vulnerability. The video includes an interesting query and a practical example of exploitation. Don't miss it!
We also recommend checking out Chirag Artani's website and Twitter for more cybersecurity insights:
Website: 3rag.com
Twitter: x.com/Chirag99Artani
YouTube
I found 9322 Targets For Unauthorized Data Upload In Alibaba Cloud | POC Exploit Explained Live
Note: do not harm any server; do not upload any malicious files like malware or anything. This is a high-severity bug which leads to uploading unauthorized data.
I found 9321 targets which are vulnerable to this vulnerability. This is just for learning…
One-liner to gather and crawl subdomains, then generate a custom wordlist from the target's discovered URLs:
subfinder -d bugcrowd.com -silent | httpx -silent | hakrawler | tr '[:punct:]' '\n' | sort -u
Brut Security Hits 10K Subscribers!
Thank you all for being part of this journey! From sharing knowledge and resources to building a strong cybersecurity community, Brut Security has grown beyond expectations.
Your support fuels everything we do: training, tools, research, and challenges like Breaking O-Auth. Whether you're here for bug bounty tips, pentesting insights, or DFIR knowledge, this is just the beginning.
More exclusive content, live bug hunting, and deep-dive discussions coming soon! Stay tuned, stay curious, and keep hacking ethically.
#BrutSecurity #10KStrong #BugBounty #Cybersecurity
https://portswigger.net/research/top-10-web-hacking-techniques-of-2024
PortSwigger Research
Top 10 web hacking techniques of 2024
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year