Payload Wizard - AI assistant that utilizes GPT-3.5 and GPT-4 language models to interpret and generate cybersecurity payloads.
payload-wizard.vercel.app
CVE-2025-0376 and others: Multiple vulnerabilities in GitLab, 4.2 - 8.7 rating
With the new release, GitLab has disclosed several vulnerabilities, including XSS injection, DoS and others.
Search at Netlas.io:
Link: https://nt.ls/50gFr
Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/
Leaking the email of any YouTube user for $10,000.
https://brutecat.com/articles/leaking-youtube-emails
What could've been the largest data breach in the world - an attack chain on Google services to leak the email address of any YouTube channel
Brut Security
YouTube
Algolia Admin API Key CRITICAL Flaw Exposed! 2024 Exploit POC | Bug Bounty POC
WARNING: For Educational & Ethical Purposes Only!
In this video, I demonstrate a critical security vulnerability involving the Algolia Admin API Key and provide a step-by-step proof-of-concept (PoC) to showcase how this exploit could be abused. If you're…
grepsubsfromwebpages
Extract subdomains automatically while visiting webpages. Just add the target domain name and this extension will start extracting subs from the webpages you visit.
https://github.com/hackersthan/grepsubsfromwebpages
CVE-2025-1094: PostgreSQL psql SQL injection
PoC: https://github.com/rapid7/metasploit-framework/pull/19877
Deep Dive: https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis
Dorks:
HUNTER: protocol="postgresql"
FOFA: product="PostgreSQL"
SHODAN: "port:5432 PostgreSQL"
Refer: https://thecyberthrone.in/2025/02/15/cve-2025-1094-impacts-postgresql-with-sql-injection/
javascript:(async function(){let scanningDiv=document.createElement("div");scanningDiv.style.position="fixed",scanningDiv.style.bottom="0",scanningDiv.style.left="0",scanningDiv.style.width="100%",scanningDiv.style.maxHeight="50%",scanningDiv.style.overflowY="scroll",scanningDiv.style.backgroundColor="white",scanningDiv.style.color="black",scanningDiv.style.padding="10px",scanningDiv.style.zIndex="9999",scanningDiv.style.borderTop="2px solid black",scanningDiv.innerHTML="<h4>Scanning...</h4>",document.body.appendChild(scanningDiv);let e=[],t=new Set;async function n(e){try{const t=await fetch(e);return t.ok?await t.text():(console.error(`Failed to fetch ${e}: ${t.status}`),null)}catch(t){return console.error(`Error fetching ${e}:`,t),null}}function o(e){return(e.startsWith("/")||e.startsWith("./")||e.startsWith("../"))&&!e.includes(" ")&&!/[^\x20-\x7E]/.test(e)&&e.length>1&&e.length<200}function s(e){return[...e.matchAll(/['"]((?:\/|\.\.\/|\.\/)[^'"]+)['"]/g)].map(e=>e[1]).filter(o)}async function c(o){if(t.has(o))return;t.add(o),console.log(`Fetching and processing: ${o}`);const c=await n(o);if(c){const t=s(c);e.push(...t)}}const l=performance.getEntriesByType("resource").map(e=>e.name);console.log("Resources found:",l);for(const e of l)await c(e);const i=[...new Set(e)];console.log("Final list of unique paths:",i),console.log("All scanned resources:",Array.from(t)),scanningDiv.innerHTML=`<h4>Unique Paths Found:</h4><ul>${i.map(e=>`<li>${e.replace(/&/g,"&amp;").replace(/</g,"&lt;")}</li>`).join("")}</ul>`})();
One Million Dorks - A repository with text files containing a million dorks for finding potentially vulnerable web pages and sensitive data (in Google and other search engines). Can be used with various automation tools.
https://github.com/HackShiv/OneDorkForAll/tree/main/dorks/1M_dork
#bugbounty #cybersecurity