رایت آپ نفوذ به پنل ادمین یکی از دامنه های شرکت asus
https://medium.com/@mustafakhan_89646/asuss-admin-panel-auth-bypass-af5062584ddf?
به همراه ویدیو
#writeup
#bugbounty
#web
#pentest
@sec_nerd
https://medium.com/@mustafakhan_89646/asuss-admin-panel-auth-bypass-af5062584ddf?
به همراه ویدیو
#writeup
#bugbounty
#web
#pentest
@sec_nerd
Medium
ASUS’S ADMIN PANEL AUTH BYPASS
So this is the write up for my Asus’s admin panel bypass report that most of my friends were asking me. If you have private programs to…
This media is not supported in your browser
VIEW IN TELEGRAM
رمزنگاری داده های ارسالی از سوی کاربر به سمت دیتابیس در Mongodb امکانپذیر شد
از این به بعد دسترسی به فایلهای دیتابیس امکان خواندن داده های کاربری را به هکرها نخواهد داد.
https://www.mongodb.com/blog/post/field-level-encryption-is-ga
#mongodb
#nosql
#security
از این به بعد دسترسی به فایلهای دیتابیس امکان خواندن داده های کاربری را به هکرها نخواهد داد.
https://www.mongodb.com/blog/post/field-level-encryption-is-ga
#mongodb
#nosql
#security
گروه امنیت اطلاعات
https://t.iss.one/joinchat/Cu-7qUvIA5ULBMsmH9yVzA
بخش فارسی کانال:
https://t.iss.one/sec_nerd
بخش انگلیسی کانال:
https://t.iss.one/sec_nerd_en
https://t.iss.one/joinchat/Cu-7qUvIA5ULBMsmH9yVzA
بخش فارسی کانال:
https://t.iss.one/sec_nerd
بخش انگلیسی کانال:
https://t.iss.one/sec_nerd_en
راه اندازی بات تلگرامی برای تست نفوذ با استفاده از ابزارهای دلخواه
https://medium.com/@arbazhussain/telegram-bot-for-hacking-pentesting-b7856db28ef
#telegram
#bot
#pentest
@sec_nerd
https://medium.com/@arbazhussain/telegram-bot-for-hacking-pentesting-b7856db28ef
#telegram
#bot
#pentest
@sec_nerd
اپلیکیشن موبایلی موتور جستجوی shodan
https://github.com/PaulSec/Shodan.io-mobile-app
نسخه اندروید:
https://play.google.com/store/apps/details?id=io.shodan.app
#shodan
#android
@sec_nerd
https://github.com/PaulSec/Shodan.io-mobile-app
نسخه اندروید:
https://play.google.com/store/apps/details?id=io.shodan.app
#shodan
#android
@sec_nerd
رایت آپ های مرتبط با آسیب پذیری IDOR
https://medium.com/@UpdateLap/idor-facebook-malicious-person-add-people-to-the-top-fans-4f1887aad85a
https://medium.com/@Bohr/idor-lets-delete-any-account-2926ae85ddbd
https://medium.com/@black_b/yahoo-idor-elimination-of-any-comment-e898f4f955f1
https://medium.com/@mastenwap/vulnerability-idor-in-hago-games-f08a0aebcc43
https://medium.com/@mahmoudadel0x/two-captcha-bypasses-idor-and-token-reuse-3ccc385236b
https://medium.com/@be1iev3r/idor-leads-to-getting-all-customers-order-history-data-55dcfcd977f5
https://medium.com/@rajsek/my-2nd-facebook-bounty-poc-fb-data-of-birth-disclosure-d02e1bec50
https://medium.com/@jjowi/bug-idor-unsubscribe-email-klikindomaret-7d2f14509cd8
https://medium.com/@jjowi/bug-idor-apps-tirtoid-65ea9699315b
https://medium.com/@cyb3rlant3rn/email-bombing-idor-49654d18106
https://medium.com/@alhif/bug-idor-on-erpandistro-com-shopcart-8657981116fb
#idor
#pentest
#bugbounty
#writeup
@sec_nerd
https://medium.com/@UpdateLap/idor-facebook-malicious-person-add-people-to-the-top-fans-4f1887aad85a
https://medium.com/@Bohr/idor-lets-delete-any-account-2926ae85ddbd
https://medium.com/@black_b/yahoo-idor-elimination-of-any-comment-e898f4f955f1
https://medium.com/@mastenwap/vulnerability-idor-in-hago-games-f08a0aebcc43
https://medium.com/@mahmoudadel0x/two-captcha-bypasses-idor-and-token-reuse-3ccc385236b
https://medium.com/@be1iev3r/idor-leads-to-getting-all-customers-order-history-data-55dcfcd977f5
https://medium.com/@rajsek/my-2nd-facebook-bounty-poc-fb-data-of-birth-disclosure-d02e1bec50
https://medium.com/@jjowi/bug-idor-unsubscribe-email-klikindomaret-7d2f14509cd8
https://medium.com/@jjowi/bug-idor-apps-tirtoid-65ea9699315b
https://medium.com/@cyb3rlant3rn/email-bombing-idor-49654d18106
https://medium.com/@alhif/bug-idor-on-erpandistro-com-shopcart-8657981116fb
#idor
#pentest
#bugbounty
#writeup
@sec_nerd
Medium
IDOR FACEBOOK: malicious person add people to the “Top Fans”
Hi hackers,
رایت آپ کشف آسیب پذیری SSRF در وبسایت Vimeo
https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437
#writeup
#ssrf
#vimeo
@sec_nerd
https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437
#writeup
#ssrf
#vimeo
@sec_nerd
Medium
Vimeo upload function SSRF
TL;DR
This media is not supported in your browser
VIEW IN TELEGRAM
[PoC] CVE-2019-11932 Whatsapp 2.19.216 Remote Code Execution
1. set the listner ip (nc -lvp 5555)
2. run ./exploit and save the content to .gif
3. exploit.gif file and send it as Document with WhatsApp to another WhatsApp user
https://github.com/dorkerdevil/CVE-2019-11932
https://github.com/awakened1712/CVE-2019-11932
#whatsapp
#exploit
#rce
https://github.com/valbrux/CVE-2019-11932-SupportApp
@sec_nerd
1. set the listner ip (nc -lvp 5555)
2. run ./exploit and save the content to .gif
3. exploit.gif file and send it as Document with WhatsApp to another WhatsApp user
https://github.com/dorkerdevil/CVE-2019-11932
https://github.com/awakened1712/CVE-2019-11932
#exploit
#rce
https://github.com/valbrux/CVE-2019-11932-SupportApp
@sec_nerd
image_2019-12-14_20-23-31.png
185.3 KB
اکسپلویت کردن آسیب پذیری XSS با محدودیت ۲۰ کاراکتر
https://jlajara.gitlab.io/posts/2019/11/30/XSS_20_characters.html
#xss
#web
#bugbounty
@sec_nerd
https://jlajara.gitlab.io/posts/2019/11/30/XSS_20_characters.html
#xss
#web
#bugbounty
@sec_nerd
نقشه ی میزان گستردگی سرورهای آسیب پذیر Pulse Secure
https://docs.google.com/spreadsheets/d/1tDEWMl-IkFeUaegbp4KynwugYqIRWu4nAoRUM6KO1LM/edit
شناسه : CVE-2019-11510
🇺🇸United States: 1,381
🇯🇵 Japan: 430
🇬🇧 United Kingdom: 232
🇰🇷 South Korea: 214
🇫🇷 France: 190
🇩🇪 Germany: 145
🇨🇳 China: 126
🇧🇪 Belgium: 98
🇭🇰 Hong Kong: 92
🇨🇦 Canada: 80
All others: 1,033
#pulse
#network
#vpn
@sec_nerd
https://docs.google.com/spreadsheets/d/1tDEWMl-IkFeUaegbp4KynwugYqIRWu4nAoRUM6KO1LM/edit
شناسه : CVE-2019-11510
🇺🇸United States: 1,381
🇯🇵 Japan: 430
🇬🇧 United Kingdom: 232
🇰🇷 South Korea: 214
🇫🇷 France: 190
🇩🇪 Germany: 145
🇨🇳 China: 126
🇧🇪 Belgium: 98
🇭🇰 Hong Kong: 92
🇨🇦 Canada: 80
All others: 1,033
#pulse
#network
#vpn
@sec_nerd
Google Docs
Pulse Secure VPN servers vulnerable to CVE-2019-11510 by country – 2019-12-13 Scan Results
World Map
کشف آسیب پذیری XSS در فیسبوک که منجر به تسخیر اکانت میشود
https://ysamm.com/?p=343
#bugbounty
#writeup
#facebook
#xss
@sec_nerd
https://ysamm.com/?p=343
#bugbounty
#writeup
#xss
@sec_nerd
بانتی ۵۵۰ دلاری در کمتر از ۵ دقیقه!
https://medium.com/@ahmadbrainworks/bug-bounty-how-i-earned-550-in-less-than-5-minutes-open-redirect-chained-with-rxss-8957979070e5?
#writeup
#bugbounty
#web
#pentest
@sec_nerd
https://medium.com/@ahmadbrainworks/bug-bounty-how-i-earned-550-in-less-than-5-minutes-open-redirect-chained-with-rxss-8957979070e5?
#writeup
#bugbounty
#web
#pentest
@sec_nerd
Medium
BUG BOUNTY: How I earned $550 in less than 5 minutes. “Open Redirect chained with rXSS”
Assalamu Alaikum Warahmatullahi Wa Barakatuhu…
خواندنی های هفته ی گذشته:
🗞 https://hipotermia.pw/bb/http-desync-idor
🗞 https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md#git-submodule-update-command-execution
🗞 https://reddit.com/r/crypto/comments/e8t17w/comment/faerj2m
🗞 https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
🗞 https://diverto.github.io/2019/11/18/Cracking-LUKS-passphrases
#writeup
#bugbounty
#exploit
#pentest
@sec_nerd
🗞 https://hipotermia.pw/bb/http-desync-idor
🗞 https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md#git-submodule-update-command-execution
🗞 https://reddit.com/r/crypto/comments/e8t17w/comment/faerj2m
🗞 https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
🗞 https://diverto.github.io/2019/11/18/Cracking-LUKS-passphrases
#writeup
#bugbounty
#exploit
#pentest
@sec_nerd
hipotermia.pw
hipotermia - HTTP Request Smuggling + IDOR
A bug chain of HTTP Request Smuggling and an IDOR which allows to retrieve user sensitive data