Budanthara

the xz sshd backdoor rabbithole goes quite a bit deeper. I was just able to trigger some harder to reach functionality of the backdoor. there's still more to explore.. 1/n

Wow, Thanks! 💪🏻🔥

@yeswehack Those two highlighted functions will consider this as a valid input from the user and will be executed through the "file_get_contents()". More bypasses if you wanna try: "file::////etc/passwd","php::////filter/convert.base64-encode|convert.base64-decode/resource=/etc/passwd"

@yeswehack So how to reproduce this into a simple LFI payload? just simply pass "?file=/etc/passwd" directly through the parameter.

Vulnerable Code Snippets Time 🥷 Level: Medium 🐝 This web application does not like dot dot slash! Try it out at Github: github.com/yeswehack/vuln… #BugBounty #YesWeRHackers Found the issue? Explain how in the comments! 👇 🎁 The best solution gets an exclusive swag!

Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling by @albinowax portswigger.net/research/brows…

I was able to replicate the Rolling Pwn exploit using two different key captures from two different times. So, yes, it definitely works.

@asmarajayadotid @nopsIide kelar makan auto masuk lapas gak sih?

@nopsIide kukkkkss

The lowest user "nobody" could use this simple bash script and allows anybody to overwrite data in arbitrary read-only files (CVE-2022-0847) It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. dirtypipe.cm4all.com #infosec #CVE

@tunahorse21 Yes, indeed!

@budanthara This is insane

Since this #Log4J vulnerability (CVE-2021-44228) has extremely bad impact, I've decided to build a small local environment to measure and test the impact of it by chaining into a shell RCE attack. Insane! #Log4Shell #cybersecurity

@LeonardoDeGrAg iy makasi y

ngeri

@AceAintDead malah sempet"nya nanya "kok bisa segitu" pas lagi bertempur

@budanthara Biar valid je jawabanmu pas itu 😌

Aku di semua matkul ke gusbud atau lovely 😭

@AceAintDead bukannya ga ada, tpi kl makan di daerahnya lgsg dri segi rasa pasti lebih autentik

Lihat food vlogger makan nasi campur bali kok lahap bener ya apa di daerahnya gaada ya😦

@nopsIide fine dining lah tipis”

@budanthara pen makan :)

yup.. Apache 2.4.50 ✅

You may find the other various file extension that associated with this Apple Finder. Reference: file-extensions.org/finder-file-ex…

On this PoC, we already have allow the macOS Quarantine to give permission when the remote-shell process has to be executed. More technical detail and reference: ssd-disclosure.com/ssd-advisoryma… #cybersecurity #infosec

Me n @nopsIide trying to figure out the macOS Finder #vulnerability behavior today,since we found that we don't really need to mangle "file://" protocol at this current version of macOS (Big Sur) by using ".fileloc" rather than ".inetloc". youtu.be/YqERFRMkyBs via @YouTube