CVE-2024-56529: Session Fixation in Mailcow, 7.5 rating
The application does not disable old session IDs, which allows a remote attacker to use existing IDs in the victim's browser.
Search at Netlas.io:
Link: https://nt.ls/AuyJw
Dork: http.title:"mailcow UI"
Vendor's advisory: https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-23c8-4wwr-g3c6
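The bug class behind this CVE, shown as an added toy model that is not mailcow's code: the in-memory store, both login functions and the demo are constructed for illustration. The vulnerable login keeps whatever session ID the client arrived with, so an ID planted before authentication becomes an authenticated one; the fixed login issues a fresh ID at the privilege change and invalidates the old one, which is the mitigation.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store (constructed for this example)."""

    def __init__(self):
        self.sessions = {}  # session_id -> {"user": username or None}

    def new_session(self):
        # Anonymous session, as issued on first visit before login.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def login_vulnerable(self, sid, username):
        # Defect: the pre-authentication ID is kept and simply upgraded.
        # Anyone who knew that ID beforehand now holds a logged-in session.
        self.sessions.setdefault(sid, {"user": None})["user"] = username
        return sid

    def login_fixed(self, sid, username):
        # Mitigation: drop the old ID entirely and issue a fresh one,
        # so a previously known ID is worthless after authentication.
        self.sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = {"user": username}
        return new_sid

    def user_for(self, sid):
        entry = self.sessions.get(sid)
        return entry["user"] if entry else None


def fixation_demo(login):
    """Return (user bound to the pre-login ID, user bound to the post-login ID).

    A pre-login ID that still resolves to the logged-in user after
    authentication is the session-fixation condition a test should flag.
    """
    store = SessionStore()
    preset = store.new_session()  # ID known before authentication
    after = login(store, preset, "victim")
    return store.user_for(preset), store.user_for(after)


if __name__ == "__main__":
    print("vulnerable:", fixation_demo(SessionStore.login_vulnerable))
    print("fixed:     ", fixation_demo(SessionStore.login_fixed))
```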
where is the reaction guysss?
Unauthorized Data Upload in Alibaba Cloud: PoC by Chirag Artani
A new video is out on our friend's channel, showcasing the discovery of a fresh vulnerability. The video includes an interesting query and a practical example of exploitation. Don't miss it!
We also recommend checking out Chirag Artani's website and Twitter for more cybersecurity insights:
Website: 3rag.com
Twitter: x.com/Chirag99Artani
YouTube
I found 9322 Targets For Unauthorized Data Upload In Alibaba Cloud | POC Exploit Explained Live
Note: do not harm any server, and do not upload any malicious files such as malware. This is a high-severity bug which leads to uploading unauthorized data.
I found 9321 targets which are vulnerable to this vulnerability. This is just for learning…
One-liner to gather and crawl subdomains, then generate a custom wordlist from the target's discovered URLs:
subfinder -d bugcrowd.com -silent | httpx -silent | hakrawler | tr '[:punct:]' '\n' | sort -u
Brut Security Hits 10K Subscribers!
Thank you all for being part of this journey! From sharing knowledge and resources to building a strong cybersecurity community, Brut Security has grown beyond expectations.
Your support fuels everything we do: training, tools, research, and challenges like Breaking O-Auth. Whether you're here for bug bounty tips, pentesting insights, or DFIR knowledge, this is just the beginning.
More exclusive content, live bug hunting, and deep-dive discussions coming soon! Stay tuned, stay curious, and keep hacking ethically.
#BrutSecurity #10KStrong #BugBounty #Cybersecurity
https://portswigger.net/research/top-10-web-hacking-techniques-of-2024
PortSwigger Research
Top 10 web hacking techniques of 2024
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year.
You can chain Subfinder with Shuffledns to enumerate subdomains & resolve only valid ones.
Attachment: Recon Skills and Tips.pptx.pdf (825.4 KB)