CVE-2025-9079: Path Traversal in Mattermost, 8.0 rating
A vulnerability in some versions of Mattermost allows attackers to execute arbitrary code via a malicious plugin.
Search at Netlas.io:
Link: https://nt.ls/gCXcr
Dork: http.title:"mattermost"
Vendor's advisories: https://mattermost.com/security-updates/
Developer's VS Penetration tester's
Password Resets via Forged JWT Tokens
Happy Durga Puja to all Brut Security members! May Maa Durga bless you with strength, wisdom, and protection in every battle you fight, both in life and in cyberspace.
Hey Hunters,
Darkshadow here back again, just dropping another SSRF!
Look at this SSRF in exif.tools that I got. Interesting but not impactful. But still, it's confirmed that SSRF is present.
Tip:
1. If the server makes an unauthenticated HTTP request and you can somehow see the HTTP response content, it means critical SSRF
2. If it does not show any HTTP response content, it means blind SSRF, medium severity
#bugbountytips #ssrf
Happy Bijaya Dashami
From the Brut Security family, wishing you all joy, peace, and success on this special day of Bijaya Dashami.
As Maa Durga returns to her divine abode, may her blessings bring strength, wisdom, and prosperity into your life.
November Batch Enrollment is Now Open!
For all beginners and wanna-learners, we're starting fresh batches for:
• bPEH (Brut Practical Ethical Hacking)
• bPWA / bPBB (Brut Practical Web Pentesting & Bug Bounty)
Special student discounts are available.
Seats are limited, so do enroll early!
wa.link/brutsecurity or +918945971332
Binary or web?
Download all bug bounty programs domains in scope items
Get a full list of domains from active bug bounty programs across platforms like HackerOne, Bugcrowd, Intigriti, and more, all in one place!
Step 1: Download the domains.txt file
Step 2: Extract only main/root domains
`cat domains.txt | awk -F '.' '{print $(NF-1)"."$NF}' | grep -Eo '([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}' | sort -u > main_domains`
Step 3: Extract all IP addresses:
`grep -Eo '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' domains.txt > ips.txt`
Don't forget to give reactions
Hey hunters,
DarkShadow here back again!
SSTI to RCE in URL
POC:
target.com/docs/1.0/123 = not found.
So I tried:
target.com/docs/1.0/?123 = now it's reflecting in the source code like /docs/1.0/?123#
So I tried again:
target.com/docs/1.0/?{{7*7}} = /docs/1.0/?49#
And it worked! The SSTI payload executed here.
After researching a while, code injection was done by /docs/1.0/?{{phpinfo()}}
So guys, always try to be unique and different. And if you guys really love to read my bug bounty methodologies, then follow me on X: x.com/darkshadow2bd
#ssti #bugbountytips
How to manually check for CL.TE Request Smuggling Vulnerabilities:
1. See if a GET request accepts POST
2. See if it accepts HTTP/1
3. Disable "Update Content-Length"
4. Send with CL & TE headers:
```
POST / HTTP/1.1
Host: <HOST-URL>
Content-Length: 6
Transfer-Encoding: chunked

0

G
```
5. Send request twice.
If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability!
Try this out for yourself in our CL.TE lab: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
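Why the second request comes back as "GPOST", as an added example that is not part of the original post: the same bytes are framed once by Content-Length (front-end view) and once by chunked encoding (back-end view), and a check flags any request that carries both headers. The host `example.test` and all function names are constructed for illustration.

```python
# Constructed sample: the request from the post, with a placeholder host.
RAW = (b"POST / HTTP/1.1\r\n"
       b"Host: example.test\r\n"
       b"Content-Length: 6\r\n"
       b"Transfer-Encoding: chunked\r\n"
       b"\r\n"
       b"0\r\n\r\nG")

def parse_head(raw):
    """Split a raw request into (header dict with lowercase names, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return headers, body

def frame_by_content_length(headers, body):
    """Front-end view: the body is exactly Content-Length bytes."""
    n = int(headers["content-length"])
    return body[:n], body[n:]

def frame_by_chunked(body):
    """Back-end view: the body ends at the zero-size chunk and its trailers."""
    data, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0].decode(), 16)
        pos = eol + 2
        if size == 0:
            while True:  # trailer section ends at an empty line
                eol = body.index(b"\r\n", pos)
                line, pos = body[pos:eol], eol + 2
                if not line:
                    return data, body[pos:]
        data += body[pos:pos + size]
        pos += size + 2

def analyze(raw):
    headers, body = parse_head(raw)
    # RFC 9112 section 6.1: a server may reject a request carrying both headers.
    ambiguous = "content-length" in headers and "transfer-encoding" in headers
    if not ambiguous:
        return {"ambiguous": False, "forwarded": body, "leftover": b""}
    forwarded, _ = frame_by_content_length(headers, body)  # front end sends 6 bytes
    _, leftover = frame_by_chunked(forwarded)               # back end stops at "0"
    return {"ambiguous": True, "forwarded": forwarded, "leftover": leftover}

if __name__ == "__main__":
    print(analyze(RAW))
```

The leftover byte stays on the back-end connection and is prepended to the next request line, which is where the "GPOST" method in the error message comes from; rejecting or normalizing requests where `ambiguous` is true at the front end removes the disagreement.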