| Network Working Group C. Huitema | |
| Request for Comments: 4380 Microsoft | |
| Category: Standards Track February 2006 | |
| Teredo: Tunneling IPv6 over UDP | |
| through Network Address Translations (NATs) | |
| Status of This Memo |
| #!/usr/bin/env zsh | |
| # Download JSON file containing a list of bug bounty programs and their domains | |
| curl -O "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/master/chaos-bugbounty-list.json" | |
| # Create folders for each bug bounty program | |
| cat chaos-bugbounty-list.json | jq -r '.programs[] | select(.bounty==true) | .name' | while read folder; do mkdir -p "$folder" -v; done | |
| # For each bug bounty program, get the domains and save them to a file | |
| for (( i=0; i < $(cat chaos-bugbounty-list.json | jq -r '.programs | length'); i++ )) |
| title | date |
|---|---|
Server Side Template Injection via Twig Security Extension |
2023-04-15 |
Shopware is an e-commerce platform that is open source and built on the Symfony Framework and Vue.js. The default storefront of Shopware 6, called Shopware 6 Storefront, is based on Twig and Bootstrap. Users can customize the appearance of their storefront by using extensions (previously known as plugins) to override the default Twig template files. These custom themes can be enabled using the included Shopware 6 Administration panel.
Please note that this is a bypass of CVE-2023-22731, which is being tracked as issue NEXT-24667 by Shopware.
I am happy to share vulnerability findings on Fortinet FortiMail, focusing on versions v7.0.1, v7.0.0, v6.4.5 & below, v6.3.7 & below, and v6.0.11 & below. During this assessment, I was able to identify an unpatched XSS (Cross-Site Scripting) vulnerability, tagged as CVE-2021-43062. The vulnerability allowed arbitrary code execution via a specially crafted HTTP GET request to the FortiGuard URI protection service.
| Product | Fortinet FortiMail |
|---|---|
| Vendor | Fortinet |
| Severity | Medium |
| Affected Versions | v7.0.1, v7.0.0, v6.4.5 & below, v6.3.7 & below, v6.0.11 & below |
Project Details:
- Client: [Client Name]
- Project Name: [Project Name]
- Testing Period: [Start Date] - [End Date]
In this report, we provide an overview of the security posture of the target system, detailing findings and their respective severities. The assessment is based on a comprehensive analysis of potential vulnerabilities and risks using the CVSS 3.0 and 3.1 scoring frameworks. Each finding is described along with its associated risk score and recommendations for remediation.
- Challenge: Serialization Saga
- Points: 100
- Category: Insecure Deserialization
This challenge is a CTF designed to test the ability to identify and exploit insecure deserialization vulnerabilities. Participants are required to perform certain functions by exploiting these vulnerabilities and obtaining flags as a result.