FreshRSS

๐Ÿ”’
โŒ Secure Planet Training Courses Updated For 2019 - Click Here
โ˜ท
โ–ณ ๐Ÿ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

By: Newsroom
Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to execute unauthorized code or

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

By: Newsroom
WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system and discovered by Stiofan. It impacts the following versions of the two plugins - Malware Scanner (

Google-Dorks-Bug-Bounty - A List Of Google Dorks For Bug Bounty, Web Application Security, And Pentesting

By: Zion3R


A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting

Live Tool


Broad domain search w/ negative search

site:example.com -www -shop -share -ir -mfa

PHP extension w/ parameters

site:example.com ext:php inurl:?

Disclosed XSS and Open Redirects

site:openbugbounty.org inurl:reports intext:"example.com"

Juicy Extensions

site:"example[.]com" ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess

XSS prone parameters

inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:example.com

Open Redirect prone parameters

inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= inurl:& inurl:http site:example.com

SQLi Prone Parameters

inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:example.com

SSRF Prone Parameters

inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:example.com

LFI Prone Parameters

inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:example.com

RCE Prone Parameters

inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:example.com

High % inurl keywords

inurl:config | inurl:env | inurl:setting | inurl:backup | inurl:admin | inurl:php site:example[.]com

Sensitive Parameters

inurl:email= | inurl:phone= | inurl:password= | inurl:secret= inurl:& site:example[.]com

API Docs

inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:"example[.]com"

Code Leaks

site:pastebin.com "example.com"

site:jsfiddle.net "example.com"

site:codebeautify.org "example.com"

site:codepen.io "example.com"

Cloud Storage

site:s3.amazonaws.com "example.com"

site:blob.core.windows.net "example.com"

site:googleapis.com "example.com"

site:drive.google.com "example.com"

site:dev.azure.com "example[.]com"

site:onedrive.live.com "example[.]com"

site:digitaloceanspaces.com "example[.]com"

site:sharepoint.com "example[.]com"

site:s3-external-1.amazonaws.com "example[.]com"

site:s3.dualstack.us-east-1.amazonaws.com "example[.]com"

site:dropbox.com/s "example[.]com"

site:box.com/s "example[.]com"

site:docs.google.com inurl:"/d/" "example[.]com"

JFrog Artifactory

site:jfrog.io "example[.]com"

Firebase

site:firebaseio.com "example[.]com"

File upload endpoints

site:example.com "choose file"

Dorks that work better w/o domain

Bug Bounty programs and Vulnerability Disclosure Programs

"submit vulnerability report" | "powered by bugcrowd" | "powered by hackerone"

site:*/security.txt "bounty"

Apache Server Status Exposed

site:*/server-status apache

WordPress

inurl:/wp-admin/admin-ajax.php

Drupal

intext:"Powered by" & intext:Drupal & inurl:user

Joomla

site:*/joomla/login

Medium articles for more dorks:

https://thegrayarea.tech/5-google-dorks-every-hacker-needs-to-know-fed21022a906

https://infosecwriteups.com/uncover-hidden-gems-in-the-cloud-with-google-dorks-8621e56a329d

https://infosecwriteups.com/10-google-dorks-for-sensitive-data-9454b09edc12

Top Parameters:

https://github.com/lutfumertceylan/top25-parameter

Proviesec dorks:

https://github.com/Proviesec/google-dorks



Demystifying a Common Cybersecurity Myth

By: The Hacker News
One of the most common misconceptions in file upload cybersecurity is that certain tools are โ€œenoughโ€ on their ownโ€”this is simply not the case. In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in todayโ€™s ever-evolving file upload security landscape, and a big part of that is understanding where the

Route-Detect - Find Authentication (Authn) And Authorization (Authz) Security Bugs In Web Application Routes

By: Zion3R


Find authentication (authn) and authorization (authz) security bugs in web application routes:


Web application HTTP route authn and authz bugs are some of the most common security issues found today. These industry standard resources highlight the severity of the issue:

Supported web frameworks (route-detect IDs in parentheses):

  • Python: Django (django, django-rest-framework), Flask (flask), Sanic (sanic)
  • PHP: Laravel (laravel), Symfony (symfony), CakePHP (cakephp)
  • Ruby: Rails* (rails), Grape (grape)
  • Java: JAX-RS (jax-rs), Spring (spring)
  • Go: Gorilla (gorilla), Gin (gin), Chi (chi)
  • JavaScript/TypeScript: Express (express), React (react), Angular (angular)

*Rails support is limited. Please see this issue for more information.

Installing

Use pip to install route-detect:

$ python -m pip install --upgrade route-detect

You can check that route-detect is installed correctly with the following command:

$ echo 'print(1 == 1)' | semgrep --config $(routes which test-route-detect) -
Scanning 1 file.

Findings:

  /tmp/stdin
     routes.rules.test-route-detect
        Found '1 == 1', your route-detect installation is working correctly

          1รขโ€โ€  print(1 == 1)


Ran 1 rule on 1 file: 1 finding.

Using

route-detect provides the routes CLI command and uses semgrep to search for routes.

Use the which subcommand to point semgrep at the correct web application rules:

$ semgrep --config $(routes which django) path/to/django/code

Use the viz subcommand to visualize route information in your browser:

$ semgrep --json --config $(routes which django) --output routes.json path/to/django/code
$ routes viz --browser routes.json

If you're not sure which framework to look for, you can use the special all ID to check everything:

$ semgrep --json --config $(routes which all) --output routes.json path/to/code

If you have custom authn or authz logic, you can copy route-detect's rules:

$ cp $(routes which django) my-django.yml

Then you can modify the rule as necessary and run it like above:

$ semgrep --json --config my-django.yml --output routes.json path/to/django/code
$ routes viz --browser routes.json

Contributing

route-detect uses poetry for dependency and configuration management.

Before proceeding, install project dependencies with the following command:

$ poetry install --with dev

Linting

Lint all project files with the following command:

$ poetry run pre-commit run --all-files

Testing

Run Python tests with the following command:

$ poetry run pytest --cov

Run Semgrep rule tests with the following command:

$ poetry run semgrep --test --config routes/rules/ tests/test_rules/


Bug or Feature? Hidden Web Application Vulnerabilities Uncovered

By: The Hacker News
Web Application Security consists of a myriad of security controls that ensure that a web application: Functions as expected. Cannot be exploited to operate out of bounds. Cannot initiate operations that it is not supposed to do. Web Applications have become ubiquitous after the expansion of Web 2.0, which Social Media Platforms, E-Commerce websites, and email clients saturating the internet

New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now

By: Newsroom
Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in a flawed "file upload logic" that could enable unauthorized path traversal and could be exploited under the circumstances to upload a malicious file

Forbidden-Buster - A Tool Designed To Automate Various Techniques In Order To Bypass HTTP 401 And 403 Response Codes And Gain Access To Unauthorized Areas In The System

By: Zion3R


Forbidden Buster is a tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and professionals only. Use it at your own risk.

  • Probes HTTP 401 and 403 response codes to discover potential bypass techniques.
  • Utilizes various methods and headers to test and bypass access controls.
  • Customizable through command-line arguments.

Install requirements

pip3 install -r requirements.txt

Run the script

python3 forbidden_buster.py -u http://example.com

Forbidden Buster accepts the following arguments:

fuzzing (stressful) --include-user-agent Include User-Agent fuzzing (stressful)" dir="auto">
  -h, --help            show this help message and exit
  -u URL, --url URL     Full path to be used
  -m METHOD, --method METHOD
                        Method to be used. Default is GET
  -H HEADER, --header HEADER
                        Add a custom header
  -d DATA, --data DATA  Add data to requset body. JSON is supported with escaping
  -p PROXY, --proxy PROXY
                        Use Proxy
  --rate-limit RATE_LIMIT
                        Rate limit (calls per second)
  --include-unicode     Include Unicode fuzzing (stressful)
  --include-user-agent  Include User-Agent fuzzing (stressful)

Example Usage:

python3 forbidden_buster.py --url "http://example.com/secret" --method POST --header "Authorization: Bearer XXX" --data '{\"key\":\"value\"}' --proxy "http://proxy.example.com" --rate-limit 5 --include-unicode --include-user-agent

  • Hacktricks - Special thanks for providing valuable techniques and insights used in this tool.
  • SecLists - Credit to danielmiessler's SecLists for providing the wordlists.
  • kaimi - Credit to kaimi's "Possible IP Bypass HTTP Headers" wordlist.


New Webinar: 5 Must-Know Trends Impacting AppSec

By: The Hacker News
Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers โ€“ it's almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many other

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

By: Newsroom
The threat actor known asย Winter Vivernย has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faouย saidย in a new report published today. Previously, it was using known

API Security Trends 2023 โ€“ Have Organizations Improved their Security Posture?

By: The Hacker News
APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various functionalities into their own applications. However, this increased reliance on

Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection

By: Newsroom
Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of these safeguards, it has emerged. "Attackers can utilize their own Cloudflare accounts to abuse the per-design trust-relationship between Cloudflare and the customers' websites, rendering the

Do You Really Trust Your Web Application Supply Chain?

By: The Hacker News
Well, you shouldnโ€™t. It may already be hiding vulnerabilities. It's the modular nature of modern web applications that has made them so effective. They can call on dozens of third-party web components, JS frameworks, and open-source tools to deliver all the different functionalities that keep their customers happy, but this chain of dependencies is also what makes them so vulnerable. Many of

Decider - A Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework

By: noreply@blogger.com (Unknown)

What is it?

The Short

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CKยฎ framework.


The Long

Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating ATT&CK mappings easier to get right by walking users through the mapping process. It does so by asking a series of guided questions about adversary activity to help them arrive at the correct tactic, technique, or subtechnique. Decider has a powerful search and filter functionality that enables users to focus on the parts of ATT&CK that are relevant to their analysis. Decider also has a cart functionality that lets users export results to commonly used formats, such as tables and ATT&CK Navigatorโ„ข heatmaps.

The Screenshots

Decider's Question Tree

(you are here)[Matrix > Tactic] > Technique > SubTechnique

Decider's Full Technique Search

Boolean expressions, prefix-matching, and stemming included.

The Notice

This project makes use of MITRE ATT&CK - ATT&CK Terms of Use

Usage

Read the User Guide

Installation

Docker

Best option for 99% of people

git clone https://github.com/cisagov/decider.git
cd decider
cp .env.example .env
[sudo] docker compose up

sudo for Linux only

Linux tested on:

  • Ubuntu Jammy 22.04.2 LTS
  • Docker Engine
    • Not Docker Desktop (couldn't get nested-virt in my VM)

Windows tested on:

  • Windows 11 Home, version 22H2, build 22621.1344
  • Home doesn't support HyperV

macOS (M1) tested on:

  • macOS Ventura 13.2.1 (22D68)
  • Mac M1 Processor
  • On Docker Desktop installed via .dmg

It is ready when Starting uWSGI appears

Then visit http://localhost:8001/

(Port is set by .env WEB_PORT)

Default Login:

And note: Postgres stores its data in a Docker volume to persist the database.

Manual Install

Read the Admin Guide

There are some issues in the instructions... Working on it, simplifying them

Help Tips:

  • Use Python 3.8.10 / 3.8.x on Linux / mac
  • Follow the order of instructions
  • Watch out using sudo with python - it won't keep the venv you're in by default
  • If just running for yourself locally:
    • Don't create a system account for decider
    • Don't use uWSGI
    • Use the built-in debug Flask server
  • Mac M1 users should install Postgres before installing the pip requirements
    • brew install postgresql
    • Explained: psycopg2-binary isn't using a pre-built binary and tries to compile from scratch, and it can't find pg_config.


Top SaaS Cybersecurity Threats in 2023: Are You Ready?

By: The Hacker News
Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be.ย 1 โ€” Web application weaknesses Web applications are at the core of what SaaS companies do and how they operate, and they can store some of

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

By: Ravie Lakshmanan
A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. Web application firewalls are aย key line of defenseย to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as cross-site

Why is Robust API Security Crucial in eCommerce?

By: The Hacker News
API attacks are on the rise. One of their major targets is eCommerce firms like yours.ย  APIs are a vital part of how eCommerce businesses are accelerating their growth in the digital world.ย  ECommerce platforms use APIs at all customer touchpoints, from displaying products to handling shipping. Owing to their increased use, APIs are attractive targets for hackers, as the following numbers expose

Does the OWASP Top 10 Still Matter?

By: The Hacker News
What is the OWASP Top 10, and โ€“ just as important โ€“ what is it not? In this review, we look at how you can make this critical risk report work for you and your organisation. What is OWASP? OWASPย is the Open Web Application Security Project, an international non-profit organization dedicated to improving web application security.ย  It operates on the core principle that all of its materials are

Erlik 2 - Vulnerable-Flask-App

By: noreply@blogger.com (Unknown)


Erlik 2 - Vulnerable-Flask-App

Tested - Kali 2022.1

Description

It is a vulnerable Flask Web App. It is a lab environment created for people who want to improve themselves in the field of web penetration testing.


Features

It contains the following vulnerabilities.

  • HTML Injection
  • XSS
  • SSTI
  • SQL Injection
  • Information Disclosure
  • Command Injection
  • Brute Force
  • Deserialization
  • Broken Authentication
  • DOS
  • File Upload

Installation

git clone https://github.com/anil-yelken/Vulnerable-Flask-App

cd Vulnerable-Flask-App

sudo pip3 install -r requirements.txt

Usage

python3 vulnerable-flask-app.py

Contact

https://twitter.com/anilyelken06

https://medium.com/@anilyelken



6 Top API Security Risks! Favored Targets for Attackers If Left Unmanaged

By: The Hacker News
Security threats are always a concern when it comes to APIs. API security can be compared to driving a car. You must be cautious and review everything closely before releasing it into the world. By failing to do so, you're putting yourself and others at risk. API attacks are more dangerous than other breaches. Facebook had a 50M user account affected by an API breach, and an API data breach on

Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies

By: The Hacker News
Businesses know they need to secure their client-side scripts. Content security policies (CSPs) are a great way to do that. But CSPs are cumbersome. One mistake and you have a potentially significant client-side security gap. Finding those gaps means long and tedious hours (or days) in manual code reviews through thousands of lines of script on your web applications. Automated content security

T.rex_scan v0.2 โ€“ Integrate Tools to Audit Web Sites

By: MaxiSoler
T.rex_scan only facilitates the visualization when auditing a web page. With this script you can optimize your time, reducing the time you audit a page web since T.rex_scan executes the task you...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
โŒ