There is no excerpt because this is a protected post.
Author: gainsec
How I found 15 CVEs in 3 nights and how YOU can too.
My explanation of how I found 15 CVEs in 3 nights and my tips on how you can too!
CVE-2022-35142, CVE-2022-35143, CVE-2022-35144 – DoS, XSS and Weak Password Policy in Renato a Markdown powered knowledge base
Multiple new CVEs discovered and disclosed! XSS, DoS and a weak password policy!
CVE-2022-34613, CVE-2022-34618, CVE-2022-34619 – Multiple XSS (And more) in Mealie
Multiple new CVEs discovered and disclosed! XSS, file uploads and more!
CVE-2022-34625 – Server-Side Template Injection to Remote Code Execution (SSTI) to (RCE) in Mealie – A lesson in patience
A detailed walkthrough of CVE-2022-34625 aka a Server-Side Template Injection (SSTI) to Remote Code Execution (RCE)
CVE-2022-34009
Denial of Service discovered against Fossil SCM when running on Windows boxes.
How to Find the next BIG Data Leak in under 20 minutes or less! – LeakLooker-X – Updated 2022
An update to my tutorial for installing and running LeakLooker-X working properly with current versions of Kali Linux and Celery.
Azure Cloud Pen Testing Software Suite
A great collection of scripts for attacking and defending Azure environments. Perfect for any azure cloud security assessment, audit or penetration test.
Should I add this Repo to TreeHouse Wordlists?
You tell me what you think of this wordlist repo? Is it worth adding?
The Hacker’s Search Engine
An all-in-one "hacker" search engine