www.1337.or.id
Search: sbf
![[CVE-2022-3590] WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding](https://1337.or.id/images/post/0c58135919b1-13396.png)
[CVE-2022-3590] WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding
Ganesha
19 December 2022
31.427 Views
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU Time of check to time of use race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. Below is what a request to t...
Ganesha
29 November 2022
26.171 Views
LaporBug.id is a Bug Bounty Platform from Indonesia, for more info about LaporBug.id you can open laporbug.id. I spent a few minutes checking every URL, parameter, and form on LaporBug.id. On this page, we have a form to upload a profile image. ...
Binance Eyes $1 Billion Raise for Crypto 'Recovery Fund', Could Buy FTX Assets
Ganesha
25 November 2022
29.551 Views
Binance s founder and CEO said the firm s crypto rescue fund will initially have 1 billion to dole out as it steps into the role of industry white knight. In an interview with Bloomberg, Changpeng CZ Zhao said the fund would have a loose structure and be publicly visible on the blockchain, w...
Ganesha
28 November 2022
27.797 Views
DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others, the vulnerability I found was POST based XSS. It takes me a few minutes to go through each page, check each URL and parameter, try to enter some code character in the form, etc. Finally on the page ...
FBI and CISA says Cuba ransomware gang extorted $60M from victims this year
Ganesha
03 December 2022
26.102 Views
The Cuba ransomware gang extorted more than 60 million in ransom payments from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned. The latest advisory is a follow up to a flash alert released by the FBI in December 2021, which revealed that the gang ...
Ganesha
26 November 2022
23.699 Views
I signed up on Chess24 and a play couple of games. Then I was thinking about security on the Chess24 website. I enter the user profile page, then I put the payload below as my website address. Request Response a href targe...
Paraminer: Finds hidden parameters.
Ganesha
29 November 2022
30.279 Views
Paraminer is a tool used to search for hidden parameters in a website Main Features GET Request POST Request Usage php paraminer.php u URL w WORDLIST .. images post 6941dbb5d020 64484851 74288d80 d242 11e9 89e5 cf937dd61541.png Link ...
Ganesha
27 November 2022
21.806 Views
httpstatus.io is an HTTP Status Code, Header Redirect Checker. For example, if we submit a URL Domain, httpstatus.io will check the HTTP Status Code, where the domain will be redirected if the HTTP Status Code is 301 302 etc. I try with ...
XSSRush: An automatic XSS scanner
Ganesha
24 November 2022
28.586 Views
XSSRush is an automatic XSS scanner. Available on Desktop, Chrome Extension, and Web Based. Screenshot Chrome Extension XSSR Chrome Extension .. images post 68747470733a2f2f312e62702e626c6f6773706f742e636f6d2f2d314e6b6766637951526c452f59475363726734476733492f41414141414141414278552...
Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware
Ganesha
24 November 2022
21.801 Views
Security researchers have warned of a password theft epidemic after revealing that Russian groups are using off the shelf info stealing malware to devastating effect. Group IB said its analysis revealed 34 Telegram groups used by threat actors to organize their efforts, and that they d infected o...