tiotodi.bsky.social

The usual outcome is option 1, you know?! I've already sent several e-mails to companies and never got a reply. For this latest one, where I found a blind SQLi, I reported it to the building manager and then to the company. Only the building manager acted on it and cancelled the contract with the app; the company never even gave me so much as a "hello".

tiotodi.bsky.social

According to the legal explanation I got over on X, the act of intrusion itself, in this case exploiting the blind SQLi hole, would already be grounds for a lawsuit, according to the people who know digital law who replied.

tiotodi.bsky.social

I used to think so too, but it isn't. They explained it to me on X when I found a vuln in a condominium app that was going to be installed here in my building. I found a blind SQLi hole that returned sensitive user data. @sushicomabacate.com where are the digital-law folks to explain this better?!

mynameisv.bsky.social

Wednesday is R⃥a⃥v⃥i⃥o⃥l⃥i⃥ Ivanti day 🤡 10 CVEs, including:
- pre-auth RCE via deserialization, CVSS 10/10 (CVE-2024-29847)
- post-auth SQLi allowing RCE (CVE-2024-32840, -32842, -32843, -32845, -32846, -32848, -34783, -34785)
infosec.exchange/@screaminggo...

SRvalorin.bsky.social

Something I often find during my security audits: vulnerable code, such as SQLi, which is accidentally protected by other code. 🙃 It's always frustrating to go from finding SQLi and doing a Dr Evil impression 😈 to realising it's unexploitable due to some random validator... 😭

svrjs.org

🚨 Be careful with ready-made exam solutions! 🚨 One of the ready-made solutions to the Polish INF.03 practical exam is vulnerable to both SQLi and XSS!

The code snippet from one of the scripts from the solution to Polish INF.03 practical exam, with bad security practices highlighted.
svrjs.org

On Polish INF.03 practical exams, there is a list of MySQL-related functions, but one very important function - "mysqli_real_escape_string", which is used to protect against SQLi, is missing!

List of MySQL-related functions from Polish INF.03 practical exam.
cabusar.bsky.social

Id: CVE-2024-8348 Score: 6.3 Status: Awaiting Analysis Details: Critical SQLi in SourceCodester CMS v1.0 lets attackers run code via delete_category in Master.php. Source: nvd.nist.gov/vuln/detail/CVE-2024-8348
