Shak Reiner 🍍 Or Ben Porath Egor Dimitrenko @__mn1__ Juan Araya Paula Januszkiewicz Aditya K Sood Federico Dotta Antonio Morales Filipi Pires Jake B Synacktiv

[HIP21]⚡️As promised the videos are live !⚡️ Go check it out and ENJOY !🎉 youtube.com/playlist?list=… Shak Reiner 🍍 Or Ben Porath Egor Dimitrenko @__mn1__ Juan Araya Paula Januszkiewicz Aditya K Sood Federico Dotta Antonio Morales Filipi Pires Jake B Synacktiv

🚨 New article by our researchers @__mn1__ and Egor Dimitrenko about unauth RCEs in VMware products: "Hunting for bugs in VMware: View Planner and vRealize Business for Cloud". Read the article: swarm.ptsecurity.com/hunting-for-bu… This is the first article about our VMware research. More to come!

🔥 We have reproduced the fresh CVE-2022-24086 Improper Input Validation vulnerability in Magento Open Source and Adobe Commerce. Successful exploitation could lead to RCE from an unauthenticated user.

⚡️We have successfully bypassed the patch for RCE in Magento Open Source and Adobe Commerce (CVE-2022-24086), and have sent the report to Adobe (we weren't the first). The new CVE-2022-24087 was issued. Hotfix is available now. Patch ASAP!

Second article by our researcher Egor Dimitrenko about unauth vulnerabilities in VMware products: "Catching bugs in VMware: Carbon Black Cloud Workload and vRealize Operations Manager". Read the article: swarm.ptsecurity.com/catching-bugs-…

✅ A tip for those who hunt bugs in mobile applications from Starbucks

Today, Hackerone took $25k from me, because I am a belarusian citizen. 1/9

I understand platforms like Synack Red Team HackerOne and bugcrowd not allowing Russian/Belarusian hackers to be paid for new bugs, or not allowing them to participate. But to steal what they have already earned prior, and donate it without their consent is theft. They

top

⚠️ Rapid7 fixed an SQL-Injection (CVE-2022-0757) and an XSS (CVE-2022-0758) in Nexpose Vulnerability Scanner found by our researcher Aleksey Solovev. Advisory: docs.rapid7.com/release-notes/…

🔥 We have reproduced the fresh CVE-2022-22954 Server-Side Template Injection in VMware Workspace ONE Access. Successful exploitation could lead to RCE from an unauthenticated user. Patch ASAP!

HPE fixed two vulnerabilities in OneView found by our researcher Nikita Abramov. 1️⃣ CVE-2022-23699 - Authentication Restriction Bypass 2️⃣ CVE-2022-23700 - Unauthorized Read Access to Files Find out more ➡️ support.hpe.com/hpesc/public/d…

✅ A simple, but not obvious approach to perform an internal pentest of Active Directory.

💥 We have reproduced CVE-2022-31626, an RCE in PHP <= 7.4.29 which can be triggered via a rogue MySQL/MariaDB server! It's a Heap Overflow, works with MySQLi/PDO, and doesn't require LOAD LOCAL INFILE. The PoC 👉 github.com/CFandR-github/…

🧩 Zoneminder fixed a Post-Auth RCE found by our researcher Ilya Yatsenko (@fulc2um). See details in the advisory 👉 github.com/ZoneMinder/zon…

💥 New attack! Our researcher Arseniy Sharoglazov discovered a PHP's Arbitrary Object Instantiation with no user-defined classes. It was turned to RCE! Read the research: swarm.ptsecurity.com/exploiting-arb…

⚓️ New article by our researcher Mikhail Klyuchnikov: "Jetty Features for Hacking Web Apps". Read the research: swarm.ptsecurity.com/jetty-features…

🏆 Our nominees for PortSwigger Top 10 of 2022! 1️⃣ Jetty Features for Hacking Web Apps 2️⃣ Exploiting Arbitrary Object Instantiations in PHP without Custom Classes 3️⃣ Discovering Domains via a Time-Correlation Attack on Certificate Transparency Vote here:portswigger.net/polls/top-10-w…

💬 New article by our researcher Aleksey Solovev: "MyBB <= 1.8.31: Remote Code Execution Chain". 🐞 Abusing Nested Parsers Conditions for getting XSS 🐞 From Privileged SQL Injection to RCE Read the article: swarm.ptsecurity.com/mybb-1-8-31-re…