The post discusses the discovery of multiple CVEs in LoMag WareHouse Management, including hard-coded credentials, weak hash usage, and SQL injection vulnerabilities. The author provides insights into their discovery process and highlights the insecure coding practices in the application.
Wireless Attack Vectors Against Automobiles
Something that piqued my interest earlier in my cybersecurity studies was wireless attacks on vehicles. A friend reached out claiming her car had been broken into, sans keys. And... she had video of it. I had heard the reports and I had read a few articles. But I had never had a chance to see … Continue reading Wireless Attack Vectors Against Automobiles
Introducing Sherlock GPT Holmes
Started my journey into LLMs and AI. While I do some real work with Jan AI, I created a custom GPT. Might add some custom functionality but if not, it's still useful for offensive cyber security! I made sure it tries to do what you ask first and always offer to generate code for you … Continue reading Introducing Sherlock GPT Holmes
New Project: The Hackers Lunch Box
Been a long time! Just wanted to stop by and let y'all know I've created a new project on the GainSec GitHub! It's called The Hackers Lunch Box. Here's the description: High level attack and finding maps for all your penetration testing, hacking, bug bounty and red teaming needs! To be more specific, this is … Continue reading New Project: The Hackers Lunch Box
Cheap ‘n’ Easy Phishing (That Actually Works)
A lecture demonstrating how I compromised a trillion dollar organization for under $150.
10 Minutes of Google dorking for Covid Documents
So stoked to reveal that my article submission was published in the latest Unredacted magazine publication! Ik they received hundreds of submissions so to be chosen is just awesome! Check it out on page 34 HERE END TRANSMISSION
CVE-2022-34108, CVE-2022-34109, CVE-2022-34110 DoS + Arbitrary file Download/Copy in MSI Feature Navigator
Denial Of Service and an Arbitrary file copy and download found in MSI's Feature Navigator demo software!
CVE-2022-34615, CVE-2022-34621, CVE-2022-34623, CVE-2022-34624 – IDOR, User Enum and More (In Mealie)
Multiple new CVEs discovered and disclosed! IDOR, User Enum, invalid session termination and a weak password policy!
CVE-2022-37857, CVE-2022-37163, CVE-2022-37164 Hardcoded Credentials/Weak Password Policies
A location sharing open source server and android client was found to hardcode credentials and allow weak passwords by default (including blank passwords!)
CVE-2022-35142, CVE-2022-35143, CVE-2022-35144 – DoS, XSS and Weak Password Policy in Renato a Markdown powered knowledge base
Multiple new CVEs discovered and disclosed! XSS, DoS and a weak password policy!