2021-09-16 14:15:56Bug Bounty in InfoSec Write-up
Well hello everyone It’s yasser again (AKA Neroli),
I know a lot of people asked me on LinkedIn for help, and I am really busy, so I tried to answer all of your questions here.
Getting into bug-bounty
Before you try to hack into something, you need to know how it works, so you need to understand some web development languages.
Development First
PHP:
by “the net ninja”: https://www.youtube.com/watch?v=pWG7ajC_OVo&list=PL4cUxeGkcC9gksOX3Kd9KPo-O68ncT05o
by “ProgrammingKnowledge”: https://www.youtube.com/watch?v=yMclPkD4sQg&list=PLS1QulWo1RIZc4GM_E04HCPEd_xpcaQgg
Recommended: https://letmegooglethat.com/?q=learning+php+online+for+free+youtube
JavaScript:
by “Dev Ed”: https://www.youtube.com/watch?v=2nZiB1JItbY&list=PLDyQo7g0_nsX8_gZAB8KD1lL4j4halQBJ
by “the net ninja”: https://www.youtube.com/watch?v=qoSksQ4s_hg&list=PL4cUxeGkcC9i9Ae2D9Ee1RvylH38dKuET
Recommended: https://letmegooglethat.com/?q=learning+javaScript+online+for+free+youtube
now the re
2021-09-16 14:15:56Bug Bounty in InfoSec Write-up
Hi There,
Renganathan Here, I’m an Ethical Hacker & a Security researcher.
I’ve been acknowledged by LinkedIn, United Nations, BYJU’s, Nike, Lenovo, Upstox for reporting security vulnerabilities in their web applications.
What’s IRCTC?
IRCTC, India’s largest online ticketing operations site, which runs one of the largest e-commerce sites, has around 30 million registered users and handles around 550,000 to 600,000 bookings every day, making it the world’s second-busiest travel portal and generating revenue of $20 million every year (Source: Wiki).
While I was booking a ticket as a normal human I suddenly got an idea to test for vulnerabilities.
Hacker Mode!
So the first vulnerability that came to my mind was IDOR. Here are the steps to reproduce.
1. Log in to your IRCTC account.
2. Go to My account > My Transactions > Booked Ticket History.
3. The tickets below were listed, and each one expanded on click.
4. I used Burp Suite, turned on interception, and saw the GET request below.
GET /eticketing/protected/mapps1/historySearchByTxnId/X
2021-09-16 14:15:22Bug Bounty in InfoSec Write-up
Hi folks, this is the second write-up about finding bugs on Chess.com. You can find the first one here.
Chess.com is the most famous website for playing and learning chess.
You can log in to the site with two parameters: the first is your email and the second is your username. This story teaches us to check all features and look for anomalies in each feature.
I’ve found that if you change your password, it changes for only one parameter (email), and after changing the password you can’t log in with your username and the new password. In fact, the change applies only to the email, and the new password is applied to the username after 10 minutes. So if your password leaks and you change it, someone who has your password can still log in with your username and the old password after you have changed it. The update query for changing the password works like the following image:
This is schematic and imaginary for a better understanding.
After sending this bug to Chess.com, they said this delay was for replicati
2021-09-16 14:15:084ra1n
Introduction
Doing counters and statistics under high concurrency with AtomicLong has problems.
AtomicLong.getAndIncrement uses the Unsafe class:
    public final long getAndIncrement() {
        return unsafe.getAndAddLong(this, valueOffset, 1L);
    }
Stepping into the Unsafe class shows that the underlying implementation is CAS. Under high concurrency, many threads get stuck spinning in the loop at the same time and efficiency drops. CAS also has the ABA problem (see the previous article for the principle and the fix).
    public final long getAndAddLong(Object var1, long var2, long var4) {
        long var6;
        do {
            var6 = this.getLongVolatile(var1, var2);
        } while (!this.compareAndSwapLong(var1, var2, var6, var6 + var4));
        return var6;
    }
So a new class appeared: LongAdder.
Source
Striped64
First, look at what a Cell in the Cell array is:
    @sun.misc.Contended
    static final class Cell {
        // the cell's value
        volatile long value;
        Cell(long x) { value = x; }
        // CAS operation
        final boolean cas(long cmp, long val) {
            return UNSAFE.compareAndSwapLong(this, valueOffset, cmp, val);
        }
        // Unsafe mechanics
        private static final sun.misc.Unsafe UNSAFE;
        // memory offset of the value field
        private static final long valueOffset;
        static {
            try {
                // obtain Unsafe via reflection
                UNSAFE = sun.misc.Unsafe.getUnsafe();
                Class<?> ak = Cell.class;
                valueOffset = UNSAFE.objectFieldOffset
                    (ak.getDeclaredField("value"));
            } catch (Exception e) {
                throw new Error(e);
            }
        }
    }
2021-09-16 14:14:54Security Boulevard
Here’s a flashback from Canadian news. In 1989 a judge ruled that seat-belt use could not be made mandatory under the constitution: Fast forward and by 2009 Alberta reported 92% acceptance of their government that says… There is a $162 fine for not complying with occupant restraint laws. The United States apparently has been more …
The post Remember When Seat-belts Were Controversial? appeared first on Security Boulevard.
2021-09-16 14:14:54Security Boulevard
Due to the evolution of IT systems, the recent shift to a hybrid workforce, changing customer requirements and other reasons, monitoring the network has become much more complex. IT administrators …
The post 3 razones para usar un software de diagramas de red appeared first on ManageEngine Blog.
The post 3 razones para usar un software de diagramas de red appeared first on Security Boulevard.
2021-09-16 14:14:54Security Boulevard
We’ve all heard about the ultra-premium sneakers like Adidas’s Yeezy and Nike’s Air Jordans that sell out within minutes of a drop. But what you probably haven’t thought about is the havoc Sneaker bots are wreaking not only on sneaker companies, but on the entire eCommerce industry. Sneaker bots (aka Scalper bots) are infamous for [...]
The post Beyond Stopping You from Buying Air Jordans, Sneaker Bots are Tying Up the World appeared first on TechSpective.
The post Beyond Stopping You from Buying Air Jordans, Sneaker Bots are Tying Up the World appeared first on Security Boulevard.
2021-09-16 14:14:54Security Boulevard
To stay a step ahead of cyber defenders, malware authors are using “exotic” programming languages—such as Go (Golang), Rust, Nim and Dlang—to evade detection and impede reverse engineering efforts. Unconventional languages are composed of more complex and convoluted binaries that are harder to decipher than traditional languages like C# or C++. This entices both APTs..
The post Behavior-Based Detection Can Stop Exotic Malware appeared first on Security Boulevard.
2021-09-16 14:11:52360漏洞预警
360-CERT Daily Security Briefing
2021-09-16 12:41:49MY_Github
motikan2010 starred carlospolop/PEASS-ng
Jul 10, 2021
carlospolop/PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
C#
6.4k Updated Sep 15
2021-09-16 12:41:49MY_Github
ehsandeep released v8.3.9 of projectdiscovery/nuclei-templates
Jul 11, 2021
projectdiscovery/nuclei-templates
v8.3.9
Changelog
New Templates : 53
cves/2021/CVE-2021-34621.yaml by @0xsapra
cves/2021/CVE-2021-28151.yaml by @gy741
cves/2021/CVE-2021-28150.yaml by @gy741
cves/2021/CVE-2021-28149.yaml by @gy741
cves/…
2021-09-16 12:41:49MY_Github
motikan2010 starred OlivierLaflamme/Cheatsheet-God
Jul 11, 2021
OlivierLaflamme/Cheatsheet-God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
3.4k Updated Jul 8
2021-09-16 12:41:49MY_Github
motikan2010 starred YouGina/CVE-2021-35042
Jul 11, 2021
YouGina/CVE-2021-35042
SQL injection via unsanitized QuerySet.order_by() input
Python
11 Updated Jul 10
2021-09-16 12:41:49MY_Github
motikan2010 starred wwong99/pentest-notes
Jul 12, 2021
wwong99/pentest-notes
Python
507 Updated Jul 21
2021-09-16 12:41:49MY_Github
motikan2010 starred BloodHoundAD/BloodHound
Jul 12, 2021
BloodHoundAD/BloodHound
Six Degrees of Domain Admin
PowerShell
5.9k Updated Sep 15
2021-09-16 12:41:49MY_Github
motikan2010 starred initstring/dirty_sock
Jul 13, 2021
initstring/dirty_sock
Linux privilege escalation exploit via snapd (CVE-2019-7304)
Python
602 Updated May 9
2021-09-16 12:41:49MY_Github
motikan2010 starred carlospolop/hacktricks
Jul 13, 2021
carlospolop/hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Python
3.2k Updated Sep 15
2021-09-16 12:41:49MY_Github
motikan2010 starred facebookresearch/hydra
Jul 13, 2021
facebookresearch/hydra
Hydra is a framework for elegantly configuring complex applications
Python
4.8k 6 issues need help Updated Sep 15
2021-09-16 12:41:49MY_Github
motikan2010 started following antoinevastel
Jul 14, 2021
antoine vastel antoinevastel
45 repositories 173 followers
2021-09-16 12:41:49MY_Github
motikan2010 started following Valve
Jul 14, 2021
Valentin V. Valve
55 repositories 514 followers
2021-09-16 12:41:49MY_Github
ehsandeep released v8.4.1 of projectdiscovery/nuclei-templates
Jul 20, 2021
projectdiscovery/nuclei-templates
v8.4.1
Changelog
New Templates : 134
cves/2021/CVE-2021-33544.yaml by @gy741
cves/2021/CVE-2021-31755.yaml by @gy741
cves/2021/CVE-2021-30497.yaml by @gy741
cves/2021/CVE-2021-24498.yaml by @suman_kar
cv…
2021-09-16 12:41:49MY_Github
gentilkiwi released 2.2.0 20210723 EFSR of gentilkiwi/mimikatz
Jul 24, 2021
gentilkiwi/mimikatz
2.2.0 20210723 EFSR
misc::efs is [MS-EFSR] and adapted of @topotam - https://github.com/topotam/PetitPotam
2021-09-16 12:41:49MY_Github
motikan2010 starred kwhitley/itty-router
Jul 26, 2021
kwhitley/itty-router
A little router.
JavaScript
279 Updated Sep 13
2021-09-16 12:41:49MY_Github
ehsandeep released v8.4.2 of projectdiscovery/nuclei-templates
Jul 27, 2021
projectdiscovery/nuclei-templates
v8.4.2
Changelog
New Templates : 104
cves/2021/CVE-2021-34429.yaml by @bernardo Rodrigues @bernardofsr | André Monteiro @am0nt31r0
cves/2021/CVE-2021-33904.yaml by @geeknik
cves/2021/CVE-2021-3377.yaml by …
2021-09-16 12:41:49MY_Github
motikan2010 starred public-apis/public-apis
Jul 27, 2021
public-apis/public-apis
A collective list of free APIs
Python
157k Updated Sep 15
2021-09-16 12:41:49MY_Github
motikan2010 starred antoinevastel/bots-zoo
Jul 29, 2021
antoinevastel/bots-zoo
JavaScript
50 Updated May 29
2021-09-16 12:41:49MY_Github
motikan2010 starred samratashok/nishang
Jul 30, 2021
samratashok/nishang
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
PowerShell
5.6k Updated Jul 24
2021-09-16 12:41:49MY_Github
motikan2010 forked motikan2010/shellshocker-pocs from mubix/shellshocker-pocs
Jul 31, 2021
mubix/shellshocker-pocs
Collection of Proof of Concepts and Potential Targets for #ShellShocker
Python
858 Updated May 16
2021-09-16 12:41:49MY_Github
ehsandeep released v8.4.3 of projectdiscovery/nuclei-templates
Aug 3, 2021
projectdiscovery/nuclei-templates
v8.4.3
Changelog
New Templates : 83
cves/2021/CVE-2021-36380.yaml by @gy741
cves/2021/CVE-2021-3297.yaml by @gy741
cves/2021/CVE-2021-29484.yaml by @rootxharsh,@iamnoooob
cves/2021/CVE-2021-27561.yaml by…
2021-09-16 12:41:49MY_Github
motikan2010 starred GTFOBins/GTFOBins.github.io
Aug 4, 2021
GTFOBins/GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
HTML
5.2k Updated Sep 12
2021-09-16 12:41:49MY_Github
motikan2010 starred SecWiki/windows-kernel-exploits
Aug 7, 2021
SecWiki/windows-kernel-exploits
windows-kernel-exploits: a collection of Windows platform privilege escalation vulnerabilities
C
5.7k Updated Jun 11
2021-09-16 12:41:49MY_Github
motikan2010 starred sanposhiho/MY_CHEAT_SHEET
Aug 13, 2021
sanposhiho/MY_CHEAT_SHEET
cheat sheet for penetration testing (Japanese)
53 Updated Dec 2
2021-09-16 12:41:49MY_Github
motikan2010 starred ropnop/kerbrute
Aug 20, 2021
ropnop/kerbrute
A tool to perform Kerberos pre-auth bruteforcing
Go
1.1k Updated May 31
2021-09-16 12:41:49MY_Github
motikan2010 starred byt3bl33d3r/CrackMapExec
Aug 24, 2021
byt3bl33d3r/CrackMapExec
A swiss army knife for pentesting networks
Python
5.2k 1 issue needs help Updated Aug 1
2021-09-16 12:41:49MY_Github
motikan2010 starred jpillora/chisel
Aug 25, 2021
jpillora/chisel
A fast TCP/UDP tunnel over HTTP
Go
6.3k 1 issue needs help Updated Aug 25
2021-09-16 12:41:49MY_Github
motikan2010 starred h3v0x/CVE-2021-26084_Confluence
Sep 1, 2021
h3v0x/CVE-2021-26084_Confluence
Confluence Server Webwork OGNL injection
Python
211 Updated Sep 10
2021-09-16 12:41:49MY_Github
motikan2010 starred puppeteer/puppeteer
Sep 4, 2021
puppeteer/puppeteer
Headless Chrome Node.js API
TypeScript
73.3k Updated Sep 16
2021-09-16 12:41:49MY_Github
motikan2010 starred Gerapy/GerapyPyppeteer
Sep 4, 2021
Gerapy/GerapyPyppeteer
Downloader Middleware to support Pyppeteer in Scrapy & Gerapy
Python
91 Updated Sep 6
2021-09-16 12:41:49MY_Github
motikan2010 created a repository motikan2010/CVE-2021-34646
Sep 4, 2021
motikan2010/CVE-2021-34646
CVE-2021-34646 PoC
Updated Sep 4
2021-09-16 10:31:584ra1n
Introduction
Normally, a shared variable in concurrent code is handled with the synchronized keyword or a lock:
    // shared variable
    static int count = 0;
    // concurrent method
    public static synchronized void request() {
        count++;
    }
But this approach is inefficient. Is there a more efficient way? Before modifying the shared variable, compare the expected value with the current value; if they differ, keep retrying, and if they are equal, modify the shared variable. The new approach only needs to take the lock inside the comparison logic:
    // volatile guarantees visibility and avoids reading a stale cached value
    volatile static int count = 0;

    /**
     * Decide whether to update
     * @param expectCount the expected value of count
     * @param newCount the new value to assign
     * @return whether the update succeeded
     */
    public static synchronized boolean compareAndSwap(int expectCount, int newCount) {
        // check whether the current count equals the expected value
        if (getCount() == expectCount) {
            count = newCount;
            return true;
        }
        return false;
    }

    public static int getCount() {
        return count;
    }

    public static void request() {
        int expectCount;
        // compare and assign, retrying until it succeeds
        while (!compareAndSwap((expectCount = getCount()), expectCount + 1)) {}
    }
CAS
Principle
CAS stands for Compare And Swap.
CAS needs three operands: the memory address V, the old expected value A, and the target value B to be written.
When the CAS instruction executes, the value at memory address V is changed to B if and only if it equals the expected value A; otherwise nothing is done. The whole compare-and-swap operation is a single atomic operation.
CAS is implemented through JNI with the help of C, for example via the cmpxchg instruction.
When the underlying system performs a CAS operation, it checks whether the system is multi-core, locks the bus, and then executes the CAS operation.
The problem with CAS: performance issues under high concurrency.
ABA
Suppose the following happens:
Thread 1: reads the initial value A and plans to perform a CAS later, expecting the data to still be A and setting the new value to B.
Thread 2: changes the data to B and then changes
2021-09-16 10:27:53Security Boulevard
Zero-day vulnerabilities by design have always been a thorn in the side of the security team that’s trying to balance allowing employees to continue working productively with ensuring that they are protected from threats while waiting for a patch. Recently, a new zero-day threat was discovered called CVE-2021-40444 that adds risk for any employee that...
The post How to Deliver Safe Files to Your Employees at Scale…Proactively Avoiding CVE-2021-40444 appeared first on Security Boulevard.
2021-09-16 10:27:53Security Boulevard
Financial account takeover is a form of identity fraud where fraudsters use stolen credentials to break into digital financial accounts of genuine customers. An exponential increase in the number of consumers using fintech services and digital channels for banking needs during the pandemic has opened up the attack surface like never before, leading to a […]
The post Why Preventing Financial Account Takeover Attacks is Important for Banks and Fintechs appeared first on Security Boulevard.
2021-09-16 10:27:53Security Boulevard
With a variety of risks growing out of the pandemic, cybersecurity control failures was listed as the top executive concern during Q1 2021. According to the Gartner Emerging Risks Monitor Report, 67% of senior executives stated that the risk of cybersecurity control failure is their number one concern.
The post New Gartner Report Identifies Cybersecurity Control Failure as #1 Executive Concern for 2021 appeared first on Security Boulevard.
2021-09-16 10:21:12Microsoft Security Blog
This blog details our in-depth analysis of the attacks that used the CVE-2021-40444, provides detection details and investigation guidance for Microsoft 365 Defender customers, and lists mitigation steps for hardening networks against this and similar attacks.
The post Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability appeared first on Microsoft Security Blog.
2021-09-16 07:42:20Legal Hackers
Date: 2021-09-15 21:42 UTC
OS: *
PHP Version: Irrelevant
Package: SimpleXML related
Title: Inconsistent casting to bool of SimpleXML objects