CVE-2022-36804
1.find open repo
cat hosts | httpx -follow-redirects -title -path /repos?visibility=public -match-string "repository-container" -threads 9500
2. check if it vulnerable in response
''is not a valid ref and may not be"
3. hack it :)
credit by :@notdls#bugbountytip
https://t.co/5sPf74H9NG
A large collection of different Google Dorks lists: gaming, carding, shopping, crypto, admin panels, sql-dorks and many others.
Contributor @anonymansz81 🇮🇩
#cybersecurity#pentest
#CVE-2022-39197 Cobalt Strike RCE =< 4.7
use codeql to search exploit chain from the database compiled by openjdk and cobaltstrike4.5 db
org.apache.batik.swing.JSVGCanvas#setURI
org.apache.batik.bridge.BaseScriptingEnvironment#loadScript
I've finally completed part 1 (of 2) of my analysis and exploitation of an uninitialized pointer vulnerability affecting certain TP-LINK routers. I hope you all enjoy ♥️
https://t.co/1EWJzNuSun
Critical RCE Vulnerability Affecting Quarkus Java Framework. CVE-2022-4116 (CVSS score: 9.8)
Quarkus dikembangkan oleh Red Hat, adalah proyek opensource yang digunakan untuk membuat aplikasi Java dalam lingkungan yang terkontainer dan tanpa server.
I'm excited to release the first version of a context-discovery tool I've been working on. https://t.co/4d7IEAvk7z - Chameleon can automatically detect the technologies running on a host and adapt to a calibrated wordlist.
https://t.co/VIMWwvmDxm
More car hacking!
Earlier this year, we were able to remotely unlock, start, locate, flash, and honk any remotely connected Honda, Nissan, Infiniti, and Acura vehicles, completely unauthorized, knowing only the VIN number of the car.
Here's how we found it, and how it works: