⚠️Medium Risk Vulnerability Alert⚠️: CVE-2024-34701 CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made. This allows them to go to that request's entry on Special:RequestWikiQueue on the wiki where their local user ID matches and take any actions that the wiki requester is allowed to take from there. Commit 02e0f298f8d35155c39aa74193cb7b867432c5b8 fixes the issue.

Important note about the fix: This vulnerability has been fixed by disabling access to the REST API and special pages outside of the wiki configured as the "global wiki" in `$wgCreateWikiGlobalWiki` in a user's MediaWiki settings. As a workaround, it is possible to disable the special pages outside of one's own global wiki by doing something similar to `miraheze/mw-config` commit e5664995fbb8644f9a80b450b4326194f20f9ddc that is adapted to one's own setup. As for the REST API, before the fix, there wasn't any REST endpoint that allowed one to make writes. Regardless, it is possible to also disable it outside of the global wiki by using `$wgCreateWikiDisableRESTAPI` and `$wgConf` in the configuration for one's own wiki farm.

CVSSv3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) #CreateWiki #MediaWiki #apisecurity #owasp https://lnkd.in/dwCZs8Pd
API ThreatStats’ Post
More Relevant Posts
-
⚠️Medium Risk Vulnerability Alert⚠️: CVE-2024-29897 CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937. CVSSv3.1 Base Score: 4.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) #createwiki #mediawiki #apisecurity #owasp https://lnkd.in/dAx2rguu
-
🔒 Intersala Ethical Hacking Project Team We are the dynamic team behind Intersala's groundbreaking Ethical Hacking Project. Comprising seasoned cybersecurity experts and enthusiasts, our mission is to fortify digital landscapes with ethical hacking practices. With a passion for securing online spaces, we delve into the world of cybersecurity to identify vulnerabilities and safeguard digital assets. 💡 Innovation in Ethical Hacking Our team at Intersala is at the forefront of ethical hacking innovation. We believe in proactive defense, tirelessly working to stay ahead of cyber threats. With a commitment to excellence, we embrace cutting-edge technologies and methodologies to secure systems and networks. 🌐 Global Impact Collaborating across borders, we leverage a diverse skill set to tackle cybersecurity challenges globally. Intersala's Ethical Hacking Project isn't just about code; it's about creating a safer digital future for everyone. 🛡️ Defenders of Digital Frontiers At Intersala, we view ethical hacking as a noble pursuit. Our team of ethical hackers is dedicated to pushing the boundaries of security, identifying vulnerabilities before they can be exploited. Join us on our journey to make the digital world a safer place for all. 🔐 Intersala Ethical Hacking Project: Securing the Digital Frontier 🌐 Dive into the world of cybersecurity with Intersala's cutting-edge Ethical Hacking Project. Our team of experts is committed to identifying and addressing vulnerabilities, offering proactive defense against cyber threats. Join us on a global mission to create a safer digital future for all. 🛡️ Why Choose Intersala's Ethical Hacking Services? ✅ Proactive Defense: Stay ahead of cyber threats with our innovative ethical hacking methodologies. ✅ Global Impact: Collaborate with a diverse team to tackle cybersecurity challenges on a global scale. ✅ Noble Pursuit: Join us in the mission to make the digital world a safer place for everyone. 
🔒 Ethical Hacking Excellence at Your Fingertips Uncover the power of ethical hacking with Intersala. Together, let's defend the digital frontiers and create a secure online environment for businesses and individuals alike. Feel free to customize and adapt the bio and description based on the specific details of your project and organization. https://lnkd.in/guHhU3Nz
-
Full-Stack Web Developer @Rebolet | Penetration Tester | Cybersecurity Consultant | Former Bug Bounty Hunter
Wrote a script a few years ago. This script uses subfinder, findomain, assetfinder, amass, httpx, and smap to enumerate subdomains, check for live domains, and check for open ports. #bugbounty #recon #securityengineering #hacking #bash #bashscripting #penetrationtesting #pentesting #togetherwehitharder
GitHub - itszeeshan/Subdomain-Grepper: Your go-to script for finding and checking subdomains. By scanning for open ports and checking status codes, it helps you understand which subdomains are active.
-
Last April 29th I completed the Web Fundamentals Course in TryHackMe. 😎 This course is very valuable, especially in learning Web App Security. It tackles the fundamentals of Web Applications, the architecture, and basically the ins and outs. After learning the fundamentals, it introduces different attack vectors and common vulnerabilities found within Web Applications and the OWASP Top 10. It encompasses how a web app is vulnerable, how to detect the vulnerability and how to exploit it. Overall, it is a very fun course; I really learned a lot from it. It is a great introductory course for Web Application Testing and Security.
-
🚨 Critical CVE Alert: Top 5 Vulnerabilities This Week 🚨
➡ CVE-2023-42793 - JetBrains TeamCity RCE: This vulnerability involves Remote Code Execution (RCE) in JetBrains TeamCity and is actively exploited by APT29.
➡ CVE-2023-50164 - Apache Struts 2 Path Traversal and File Upload: Path traversal and file upload vulnerabilities in Apache Struts 2 potentially lead to Remote Code Execution (RCE). This CVE is actively exploited in the wild.
➡ CVE-2023-48702 - Jellyfin RCE: In Jellyfin (prior to version 10.8.13), a Remote Code Execution (RCE) vulnerability exists, and a proof-of-concept exploit is available.
➡ CVE-2023-42326 - Netgate pfSense RCE: Netgate pfSense is affected by a Remote Code Execution (RCE) vulnerability, though there is limited public information available about it.
➡ CVE-2023-46302 - Apache Submarine Insecure Deserialization: Apache Submarine is susceptible to Insecure Deserialization, as indicated by CVE-2023-46302. Limited public information is available about this vulnerability.
#CyberSecurity #CVE #InfoSec #StaySecure #ThreatIntelligence
-
Awesome Pentest Cheat Sheets
A collection of cheat sheets useful for pentesting:
* Discovery
* Exploitation
* Privilege escalation
* Tools
* Payloads
* Write-ups
* Learning platforms
+ more
#cybersecurity #infosec #pentesting https://lnkd.in/grwfCSkW
GitHub - ByteSnipers/awesome-pentest-cheat-sheets: Collection of cheat sheets useful for pentesting
-
Sr.Offensive Security | Penetration Tester Engineer | 3x CVE | CRTO | CRTP | eWPTx | eCPPT | eWPT | eMAPT
I'm excited to announce that I discovered my Third CVE ( CVE-2024-34071 ) in Umbraco .NET CMS. This is an Open Redirect protection bypass which allows an attacker to redirect any user to any malicious website. Umbraco has already released a fix for this vulnerability, so make sure to update your Umbraco CMS. If anyone is interested in learning more about this vulnerability, I encourage you to check out the following links for GitHub and NIST: https://lnkd.in/dJZtnVCD https://lnkd.in/dwGDSbcw #hacking #pentest #offensivesecurity #infosec #cybersecurity #cybersecuritytips #pentesting #redteam #informationsecurity #umbraco #cve #penetrationtesting #vapt
CVE-2024-34071 - GitHub Advisory Database
-
🚀 **Unlocking the Secrets of Web Security: A Journey in Discovery** 🚀
Embarking on a fascinating educational room, I delved into the intricacies of web application security, unraveling the hidden facets of content discovery. Here's a snapshot of our journey and the valuable insights gained:
1. **Manual Content Discovery:**
- Explored the robots.txt file, uncovering intentionally hidden areas like the "/staff-portal."
- Learned that web servers communicate through HTTP headers, with the X-FLAG header revealing a mysterious THM{HEADER_FLAG}.
2. **Framework Stack Exploration:**
- Discovered the importance of recognizing a website's framework, utilizing clues from page sources.
- Navigated to the Acme IT Support website's framework, leading to the administration portal and a flag.
3. **OSINT Techniques:**
- Leveraged Google Hacking/Dorking to selectively extract information from specific domains.
- Explored Wappalyzer, the Wayback Machine, and GitHub for deeper insights into a target website.
- Unveiled the significance of S3 Buckets on Amazon AWS, emphasizing the impact of correct access permissions.
4. **Automated Content Discovery:**
- Delved into the power of automation using wordlists and tools like ffuf, dirb, and gobuster.
- Executed these tools on the Acme IT Support website, revealing the "/monthly" directory and "/development.log" log file.
In simple terms, we learned to manually inspect hidden areas of a web app, decode web server communications, identify frameworks, and leverage OSINT techniques for a comprehensive understanding of web security/testing. Automation tools proved invaluable in efficiently discovering content, enhancing our ability to navigate the complexities of web application vulnerabilities.
This immersive journey not only broadened my knowledge but equipped me with practical skills to navigate the ever-evolving landscape of web app security. Here's to continuous learning and unlocking the secrets that safeguard the digital realm!
🔐💻 #WebAppSecurity #ContentDiscovery #OSINT #AutomationTools #CybersecurityEducation #InfoSecJourney #pentesting #WebAppHacking #EthicalHacking #TryHackMe
TryHackMe | Content Discovery
-
We are addressing the trend of companies paying bug hunters for exploiting vulnerabilities based on Praetorian's GitHub vulnerability research. At Praetorian, we believe this shouldn't be the norm. To combat this, we are introducing a free version of our Chariot platform with our ASM scanning capabilities. Our aim is to equip organizations with the tools needed to stay ahead of potential attacks, not to empower attackers.
Key features of GitHub monitoring in Chariot's attack surface module include the identification of:
- Exposed secrets in code
- Changes from private to public repository status
- Additions of new public repositories
- Vulnerabilities in GitHub self-hosted runners
Organizations can use this and many other features available in our attack surface module at no cost. We believe attack surface management is simply an enablement technology that should be part of the larger objective related to vulnerability prioritization and continuous threat exposure management. As such, we give the ASM module away for free. The real value is what sits on top. Learn more about the risks associated with GitHub and how we are working to mitigate them.
Secrets Exposed: The Rise of GitHub as an Attack Vector | Praetorian
https://www.praetorian.com