CVE-2025-22157: Improper Access Control in Atlassian Jira, 7.2 rating❗️

The vulnerability allows an authenticated attackers to escalate their privileges to administrator level or gain access to restricted workflows in Jira.

Search at Netlas.io:
👉 Link: https://nt.ls/lVuft
👉 Dork: http.meta:"content=\"JIRA\""

Vendor's advisory: https://confluence.atlassian.com/security/security-bulletin-may-20-2025-1561365992.html

🔥 Tried something new! Just dropped a quick guide on rooting Android Emulator + setting up Burp Suite for HTTPS interception.

✅ Manual setup
✅ Magisk + rootAVD
✅ Trusted Burp cert
✅ Meme vibes included 😎

📖 Read here: https://medium.com/p/how-to-root-your-android-emulator-hack-yourself-with-burp-suite-manually-like-a-legend-ef4fbe28ceab

Hey Hunters,

DarkShadow here back again—sorry for the delay, I’ve been a little sick. Please keep me in your prayers.

Anyway, just dropping a trick on how an out-of-scope target can lead to an in-scope critical vulnerability!

The story starts from a normal endpoint. When I clicked it, it redirected me somewhere else, and after resolving something, it returned the content. To check further what’s going on, I opened the request in Burp Suite. The endpoint performed a 302 redirect to an external domain, which was out of scope.

But here’s the twist—it was still showing the content from the original website I had requested. So I thought, maybe it’s working like a proxy?

Here comes the real mastery. Most bug hunters ignore this kind of behavior, but I decided to dig deeper. And yeah, I found a file: backup.zip
I instantly unzipped it and noticed a config/ folder, and inside it—a config.php file.

Guess what?
I found MySQL database credentials, and the most interesting part? The database URL was publicly accessible—not just localhost!

I tried connecting… and boom! I was successfully connected.
But wait—this domain is out of scope, right?

That’s what I thought too… until I started reading there massive database and was shocked—
It was the target's database, exposed through their proxy server, which had the hardcoded credentials in the config file.

At that moment, I was really excited.
Then I thought: What if I create a new user with admin role?
So I did exactly that—added an admin user to the database.

Now, on the target website, there’s a normal login page (not labeled as admin login), but I tried logging in with the new credentials and guess what?

BOOM! 💥
It logged me into the admin dashboard.

And just like that, I turned an out-of-scope target into a critical in-scope auth bypass vulnerability.✅


So guys, if you enjoyed this method, don’t forget to show some love—and please, pray for me, I’m really sick right now.

And don’t forget to follow me on X (Twitter): x.com/Darkshadow2bd

#bugbountytips #infosec

https://powerade.com.s3.amazonaws.com/index.html

guy's let's see whos explaination is better!

what is the impact after takeover a in-scop target S3 bucket?🤔

‎Follow the Brut Security channel on WhatsApp: https://whatsapp.com/channel/0029VacUEmpCnA8014ZLnm1L

CVE-2025-47577: Unrestricted Upload of File with Dangerous Type in TI WooCommerce Wishlist Plugin, 10.0 rating 🔥🔥🔥

Failure to check the types of uploaded files allows attackers to upload a web shell to the server and perform RCE.

Search at Netlas.io:
👉 Link: https://nt.ls/jYyss
👉 Dork: http.body:"plugins/ti-woocommerce-wishlist"

Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-292-unauthenticated-arbitrary-file-upload

⚡List of 100 Web Vulnerabilities

⚡ csprecon - Discover new target domains using Content Security Policy

🚨https://github.com/edoardottt/csprecon