Search: Sbf

Binance Eyes $1 Billion Raise for Crypto 'Recovery Fund', Could Buy FTX Assets

Ganesha 25 November 2022 29.551 Views
Binance s founder and CEO said the firm s crypto rescue fund will initially have 1 billion to dole out as it steps into the role of industry white knight. In an interview with Bloomberg, Changpeng CZ Zhao said the fund would have a loose structure and be publicly visible on the blockchain, w...

XSSRush: An automatic XSS scanner

Ganesha 24 November 2022 28.586 Views
XSSRush is an automatic XSS scanner. Available on Desktop, Chrome Extension, and Web Based. Screenshot Chrome Extension XSSR Chrome Extension .. images post 68747470733a2f2f312e62702e626c6f6773706f742e636f6d2f2d314e6b6766637951526c452f59475363726734476733492f41414141414141414278552...

Reflected XSS on DomaiNesia

Ganesha 27 November 2022 24.078 Views
DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others. I just found Reflected XSS Vulnerability at DomaiNesia s subdomain We required to upload an official document if buy a special domain, like ac. or. sch. etc. On the...

Microsoft says hackers attacking energy grids using decades-old software

Ganesha 25 November 2022 27.893 Views
Microsoft said this week that technology discontinued in 2005 is still being used widely and poses threats and vulnerabilities to power grids and the petroleum industry. Malicious hackers, according to the tech giant, are gaining access into secure networks and devices through common Internet of ...

[CVE-2022-3590] WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding

Ganesha 19 December 2022 31.427 Views
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU Time of check to time of use race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. Below is what a request to t...

Paraminer: Finds hidden parameters.

Ganesha 29 November 2022 30.279 Views
Paraminer is a tool used to search for hidden parameters in a website Main Features GET Request POST Request Usage php paraminer.php u URL w WORDLIST .. images post 6941dbb5d020 64484851 74288d80 d242 11e9 89e5 cf937dd61541.png Link ...

Dynamic Content for Elementor < 1.9.6 - Authenticated RCE

Airlangga 10 February 2023 19.473 Views
The PHP Raw Widget dynamic.ooo widget php raw of the Dynamic Content for Elementor plugin before 1.9.6 did not properly check for user permissions, allowing accounts with a role as low as editor to perform RCE attacks. Proof of Concept POST wp admin admin ajax.php HTTP 1.1 Host exam...

"Black_X12" Hacker Takeover 30 Subdomain of Indonesian Government

Ganesha 05 December 2022 27.637 Views
A hacker who has the nickname Black X12 took over 30 subdomains belonging to the Indonesian Government which had the domain address kolakakab.go.id According to Zone H, a defacements archive website. Black X12 takeover the whole website on November 29th, 2022. Screenshot .. images po...

Reflected XSS on sgsg.samsung.com

Ganesha 27 November 2022 25.514 Views
Like I did before, I use Google Dorks, to find some interesting URLs. Google Dork site sgsg.samsung.com I found a very interesting URL, The HTTP response shows every value from the campu...

How to Make a Good Bug Bounty Report

Ganesha 30 November 2022 24.429 Views
Report Title Include the type of vulnerability XSS, CSRF, XXE, SQLi, SSRF, etc . Include sub domain and or with directory path example.com Example of a good title Stored XSS at example.com Via Parameter Name Example of a bad title Stored XSS example.com Report fo...

FBI and CISA says Cuba ransomware gang extorted $60M from victims this year

Ganesha 03 December 2022 26.102 Views
The Cuba ransomware gang extorted more than 60 million in ransom payments from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned. The latest advisory is a follow up to a flash alert released by the FBI in December 2021, which revealed that the gang ...

www.1337.or.id