A lecture demonstrating how I compromised a trillion dollar organization for under $150.
Author: gainsec
10 Minutes of Google dorking for Covid Documents
So stoked to reveal that my article submission was published in the latest Unredacted magazine publication! Ik they received hundreds of submissions so to be chosen is just awesome! Check it out on page 34 HERE END TRANSMISSION
CVE-2022-34108, CVE-2022-34109, CVE-2022-34110 DoS + Arbitrary file Download/Copy in MSI Feature Navigator
Denial Of Service and an Arbitrary file copy and download found in MSI's Feature Navigator demo software!
CVE-2022-34615, CVE-2022-34621, CVE-2022-34623, CVE-2022-34624 – IDOR, User Enum and More (In Mealie)
Multiple new CVEs discovered and disclosed! IDOR, User Enum, invalid session termination and a weak password policy!
CVE-2022-37857, CVE-2022-37163, CVE-2022-37164 Hardcoded Credentials/Weak Password Policies
A location sharing open source server and android client was found to hardcode credentials and allow weak passwords by default (including blank passwords!)
CVE-2022-35142, CVE-2022-35143, CVE-2022-35144 – DoS, XSS and Weak Password Policy in Renato a Markdown powered knowledge base
Multiple new CVEs discovered and disclosed! XSS, DoS and a weak password policy!
CVE-2022-34613, CVE-2022-34618, CVE-2022-34619 – Multiple XSS (And more) in Mealie
Multiple new CVEs discovered and disclosed! XSS, file uploads and more!
CVE-2022-34625 – Server-Side Template Injection to Remote Code Execution (SSTI) to (RCE) in Mealie – A lesson in patience
A detailed walkthrough of CVE-2022-34625 aka a Server-Side Template Injection (SSTI) to Remote Code Execution (RCE)
CVE-2022-34009
Denial of Service discovered against Fossil SCM when running on Windows boxes.
How to Find the next BIG Data Leak in under 20 minutes or less! – LeakLooker-X – Updated 2022
An update to my tutorial for installing and running LeakLooker-X working properly with current versions of Kali Linux and Celery.