Corben Leo

@hacker_

Christian, Computer Science, I try to hack stuff

ʰᵃᶜᵏⁱⁿᵍ
Joined: February 2016

Tweets


  1. Pinned Tweet
    14 Jul 2019

    New blog post: Analysis of an Atlassian Crowd RCE - CVE-2019-11580

  2. Retweeted
    9 hours ago

    When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.

  3. 2 Feb

    Seriously, if you use ffuf you should consider sponsoring on GitHub – literally $1-10 a month!

  4. 28 Jan

    I'm nuking the bugbountylink site – it's open-source here:

  5. Retweeted
    27 Jan

    The story behind why Kobe flew in a private helicopter in LA 💔

  6. Retweeted
    27 Jan

    Did you know that the address '<a@b.com>c@d.com' when given to SES will send an email to a@b.com? This could lead to interesting exploit scenarios with some email parsing libraries/code

  7. Retweeted
    24 Jan

    Here are my (updated) slides from for my talk "Owning The Cloud Through SSRF & PDF Generators" with Chris Holt from . Big thank you to , , , , , and !

  8. Retweeted
    24 Jan

    Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover

  9. 15 Jan

    The research I worked on, Exploring Continuous Integration Services as a Bug Bounty Hunter, was nominated for this! If you enjoyed it and found it useful please consider voting :)

  10. Retweeted
    14 Jan

    I'm excited to share my post about discovering & exploiting multiple critical vulnerabilities in Cisco's DCNM. Busting Cisco's Beans :: Hardcoding Your Way to Hell PoC exploit code:

  11. Retweeted
    13 Jan

    CVE-2019-19781 post-exploitation notes: If you are seeing attackers reading your /flash/nsconfig/ns.conf file then you need to change all passwords. The SHA512 passwords are easily crackable with hashcat.

  12. Retweeted
    13 Jan

    If a subdomain returns a default/under construction or dead page, it may still be worth running it through 's getallurl + 's concurl tools to request all URLs & identify any URLs with a different response. See image for commands.

  13. Retweeted
    13 Jan

    Should we talk about the Citrix RCE? 👀👀👀 and I made a video: Enumerating, Analyzing, and Exploiting The Citrix ADC Remote Command Execution - CVE-2019-19781. It's already demonetized by YouTube so enjoy! 😂

  14. Retweeted
    12 Jan

    Just posted Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2. Using a payload containing three different programming languages :)

  15. Retweeted
    11 Jan

    Despite being 2020-01-11, I think just won the PR of the year award!

  16. 11 Jan

    A CVE-2019-19781 is this easy – 1. Traversal to vpns folder, traversal in the NSC_HEADER + to write a malicious bookmark to the /netscaler/portal/templates/ folder (1st HTTP request), 2. Passing that template through the Template Toolkit (2nd request)

  17. 10 Jan

    Citrix ADC/Netscaler RCE (CVE-2019-19781) 😬

  18. Retweeted
    8 Jan
  19. Retweeted
    3 Jan

    To start the new year I'm releasing another write-up where I explain the process of detecting and exploiting a chained HTTP request smuggling vulnerability which led me to an account takeover.

  20. 2 Jan

    I never tweet these but since it's the first bounty of the decade I'll make an exception 🎉 Yay, I was awarded a $5,000 bounty on !

  21. 27 Dec 2019

    2020 Goals: – Make some money, doesn't matter how much. – Learn more – Automate more of my hunting process. – Maybe speak at a conference?
