Don't forget to react guys ๐
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฟ21๐ฅ10๐6๐4๐ณ2๐คฃ1๐ซก1
CVE-2025-20029: Command Injection in F5 BIG-IP, 8.8 ratingโ๏ธ
The vulnerability allows an attacker to escalate privileges, execute arbitrary commands, and manipulate system files. Not the latest vulnerability, but the PoC was published just recently!
Search at Netlas.io:
๐ Link: https://nt.ls/e17gN
๐ Dork: http.headers.server:"BigIP"
Vendor's advisory: https://my.f5.com/manage/s/article/K000148587
The vulnerability allows an attacker to escalate privileges, execute arbitrary commands, and manipulate system files. Not the latest vulnerability, but the PoC was published just recently!
Search at Netlas.io:
๐ Link: https://nt.ls/e17gN
๐ Dork: http.headers.server:"BigIP"
Vendor's advisory: https://my.f5.com/manage/s/article/K000148587
๐7โค3๐ฑ2
CVE-2025-24752: XSS in Elementor Page Builder, 7.1 ratingโ๏ธ
Reflected XSS in a large number of sites. Thanks to our friend Chirag Artani for suggesting the query!
Search at Netlas.io:
๐ Link: https://nt.ls/8wpei
๐ Dork: http.body:"plugins/elementor" AND host_type:domain
Read more: https://patchstack.com/articles/reflected-xss-patched-in-essential-addons-for-elementor-affecting-2-million-sites/
Reflected XSS in a large number of sites. Thanks to our friend Chirag Artani for suggesting the query!
Search at Netlas.io:
๐ Link: https://nt.ls/8wpei
๐ Dork: http.body:"plugins/elementor" AND host_type:domain
Read more: https://patchstack.com/articles/reflected-xss-patched-in-essential-addons-for-elementor-affecting-2-million-sites/
โค4๐3
Please open Telegram to view this post
VIEW IN TELEGRAM
app.netlas.io
Discover, Research and Monitor any Assets Available Online
Internet intelligence apps that provide accurate technical information on IP addresses, domain names, websites, web applications, IoT devices, and other online assets.
๐ฅ4
This media is not supported in your browser
VIEW IN TELEGRAM
Active link finding with xnLinkFinder! ๐
Command breakdown:
-i https://bugcrowd.com โ Target domain
-sp https://bugcrowd.com โ Scope prefix
-sf "bugcrowd.*" โ Scope filter
-d 2 โ Crawl depth
-v โ Verbose output
Command breakdown:
-i https://bugcrowd.com โ Target domain
-sp https://bugcrowd.com โ Scope prefix
-sf "bugcrowd.*" โ Scope filter
-d 2 โ Crawl depth
-v โ Verbose output
๐10โค9
This media is not supported in your browser
VIEW IN TELEGRAM
Popping alert(1) doesn't show REAL impact.
Escalate your XSS by stealing cookies instead๐
Escalate your XSS by stealing cookies instead๐
๐ฟ15๐ฅ4โค2
Is your open URL redirect payload getting blocked? ๐ง
Try one of these payloads to bypass it! ๐ค
https://www.intigriti.com/researchers/blog/hacking-tools/open-url-redirects-a-complete-guide-to-exploiting-open-url-redirect-vulnerabilities
Try one of these payloads to bypass it! ๐ค
https://www.intigriti.com/researchers/blog/hacking-tools/open-url-redirects-a-complete-guide-to-exploiting-open-url-redirect-vulnerabilities
โค7๐3๐ฅ2
Crazy Aliyun WAF Bypass:
cat /etc/hosts - triggers WAF
tac /etc/hosts - ๐งโโ๏ธ
Credit: @galnagli
#bugbountytips #bugbounty
cat /etc/hosts - triggers WAF
tac /etc/hosts - ๐งโโ๏ธ
Credit: @galnagli
#bugbountytips #bugbounty
๐ฅ5๐คจ3โค2๐2๐ฟ2
Some will find their first bug in a week, while others might take months. Some will excel in recon, others in web exploitation. Itโs not about how fast you get thereโitโs about persistence, learning, and adapting. Every failed attempt is a step forward, every mistake a lesson.
So, donโt compare your journey to others. Focus on your progress. Keep hacking, keep improving, and most importantly, keep walking your own path. Success will follow.
Please open Telegram to view this post
VIEW IN TELEGRAM
โค25๐5
Brut Security pinned ยซ๐ญ Everyoneโs journey in bug bounty is unique. What worked for one hacker may not work for you, and thatโs okay. Your growth isnโt defined by someone elseโs timeline. You have your own challenges to face, your own lessons to learn, and your own way of masteringโฆยป
โกLinkook - An OSINT tool for discovering linked social accounts and associated emails across multiple platforms using a single username.
โ https://github.com/JackJuly/linkook
โ https://github.com/JackJuly/linkook
๐13๐ซก3โค2
CVE-2024-47051: RCE in Mautic, 9.1 rating ๐ฅ
The vulnerability allows an attacker to conduct RCE through asset loading, as well as manipulate the file deletion process to delete arbitrary files.
Search at Netlas.io:
๐ Link: https://nt.ls/odIOX
๐ Dork: http.favicon.hash_sha256:67a5904d731636c114513a7df90d4d6bff7a3f690f305ef3487ac84844a5874e
Vendor's advisory: https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
The vulnerability allows an attacker to conduct RCE through asset loading, as well as manipulate the file deletion process to delete arbitrary files.
Search at Netlas.io:
๐ Link: https://nt.ls/odIOX
๐ Dork: http.favicon.hash_sha256:67a5904d731636c114513a7df90d4d6bff7a3f690f305ef3487ac84844a5874e
Vendor's advisory: https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
๐7๐ฑ3
Please open Telegram to view this post
VIEW IN TELEGRAM
๐15๐ฅ5