Mastodawn

Forbidden Does’t Mean Impossible — Discovering Hidden Endpoints with 403Bypasser
In this article, the researcher discovered a technique for bypassing 403 Forbidden errors and uncovering hidden endpoints. The vulnerability stemmed from a lack of proper error handling and insufficient input validation on the application's side. By using the 403Bypasser tool, the researcher sent crafted requests to test for potential bypasses. The payload contained an If-Modified-Since header with a future timestamp. If the response included a 200 OK status instead of the expected 403 Forbidden, it indicated that the endpoint was vulnerable. The researcher found that the application failed to handle invalid timestamps, allowing them to access sensitive information. This flaw could potentially lead to unauthorized data access or information disclosure. The researcher earned $1,500 for this discovery. Proper remediation involves implementing proper input validation for timestamps, as well as thorough error handling. Key lesson: Inadequate error handling and input validation can lead to information disclosure and bypassing intended access restrictions. #BugBounty #InformationDisclosure #403Bypasser #InputValidation #Cybersecurity #WebSecurity

https://medium.com/bug-bounty-hunting-a-comprehensive-guide-in/forbidden-doesnt-mean-impossible-%EF%B8%8F-discovering-hidden-endpoints-with-403bypasser-c65d7d5e6b9f?source=rss------bug_bounty-5

🚪 Forbidden Doesn’t Mean Impossible 🕵️ Discovering Hidden Endpoints with 403Bypasser

🚪 Bypassing 403 Forbidden Responses in Bug Bounty Hunting

Medium

Bug Bounty Shorts Mar 11

XXE Injection Guide: Fundamentals, Payloads, and Bug Bounty Strategies
This write-up describes the XML External Entity (XXE) injection vulnerability, focusing on its fundamentals, payloads, and bug bounty strategies. The root cause is an application's failure to properly handle XML entities, allowing external data (DTD or XML entity references) to be loaded. By crafting payloads with DTD-based entities to force external file inclusions or Remote File Inclusion (RFI), the researcher discovered vulnerable applications. The mechanism involves tricking the application into parsing malicious XML entities, causing it to read and execute arbitrary files or network resources. This vulnerability can lead to serious consequences such as data breaches, information disclosure, and even Remote Code Execution (RCE). A $2,000 bounty was awarded for discovering an XXE vulnerability on a popular platform. To remediate, enforce strict XML entity handling, limit DTD processing, and consider using XML parsers with built-in protection against XXE injections. Key lesson: Always validate and sanitize user-supplied XML input to prevent XXE injections. #BugBounty #Cybersecurity #XML #XXEInjection #InformationDisclosure

https://medium.com/@jpablo13/xxe-injection-guide-fundamentals-payloads-and-bug-bounty-strategies-1a11e73856a5?source=rss------bug_bounty-5

XXE Injection Guide: Fundamentals, Payloads, and Bug Bounty Strategies

Learn what XXE is, how to detect it, and the best payloads for file reading, SSRF, and OOB attacks in security audits.

Medium

Yonhap Infomax News Feb 19

Korea Hydro & Nuclear Power Co. secured the top rating in the 2025 public institution information disclosure assessment, highlighting its commitment to transparency and improved customer satisfaction.
#YonhapInfomax #KoreaHydroNuclearPower #InformationDisclosure #MinistryOfTheInteriorAndSafety #CustomerSatisfaction #Transparency #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=105845

Korea Hydro & Nuclear Power Earns Top Rating in '2025 Information Disclosure Comprehensive Assessment'

Yonhap Infomax

Bug Bounty Shorts Feb 1

Clobbering DOM Attributes to Bypass HTML Filters and Trigger DOM-Based XSS
This article demonstrates a unique form of DOM-based Cross-Site Scripting (XSS) by exploiting property collisions in the Document Object Model (DOM). The application filters user comments for restricted HTML but overlooks unsafe assumptions about specific DOM properties. By intentionally clobbering an existing property (onclick), the researcher overwrites its original value with malicious code, effectively bypassing filtering mechanisms that should have removed it. Although event handlers such as onclick and onfocus were supposed to be removed, the clobber attack allowed their retention. This vulnerability can result in sensitive data exposure or account takeover. The researcher did not disclose a bounty amount, but the article serves as a valuable lesson for security researchers to scrutinize assumptions about DOM properties during sanitization. Key lesson: Carefully examine all DOM properties when implementing HTML filtering to avoid clobber attacks. #BugBounty #Cybersecurity #DOMXSS #InformationDisclosure

https://meetcyber.net/clobbering-dom-attributes-to-bypass-html-filters-and-trigger-dom-based-xss-cc2afb437bde

Clobbering DOM Attributes to Bypass HTML Filters and Trigger DOM-Based XSS

How DOM property collisions quietly break client-side HTML sanitization.

Medium

Colan Schwartz Oct 9

https://techcrunch.com/2025/10/07/security-bug-in-indias-income-tax-portal-exposed-taxpayers-sensitive-data/
#security #India #government #informationdisclosure #idol #taxes

Exclusive: Bug in India's income tax portal exposed taxpayers’ sensitive data

TechCrunch verified that the security bug in the Indian Income Tax Department's e-Filing portal exposed taxpayers' data to other users. The security researchers who found the flaw say the data leak is now fixed.

TechCrunch

Bill Mar 1, 2025

Here's something that wasn't on your bingo card. Secrets, like API keys were gobbled up in a huge dataset used to train most GenAI models. People leave them in GitHub, then the model absorbs the code, and bobs your uncle.

https://thehackernews.com/2025/02/12000-api-keys-and-passwords-found-in.html?m=1

#genai #informationdisclosure

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

Nearly 12,000 live secrets found in LLM training data, exposing AWS, Slack, and Mailchimp credentials—raising AI security risks.

The Hacker News

SnoopGod Linux Jun 29, 2024

Hackers exploit critical D-Link DIR-859 router flaw to steal passwords
#ACTIVELYEXPLOITED #DLINK #HARDWARE #INFORMATIONDISCLOSURE https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-d-link-dir-859-router-flaw-to-steal-passwords/

Hackers exploit critical D-Link DIR-859 router flaw to steal passwords

Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords.

BleepingComputer

🛡 [email protected]/:~#

May 30, 2024

Check Point Vulnerability Report: CVE-2024-24919

Date: May 29, 2024

CVE: CVE-2024-24919

Vulnerability Type: Exposure of Sensitive Information to an Unauthorized Actor

CWE: [[CWE-22]], [[CWE-425]]

Sources: Check Point, [Tenable](CVE-2024-24919 | Tenable®) Tenable Blog

Synopsis

A critical vulnerability (CVE-2024-24919) has been identified in Check Point's CloudGuard Network Security appliance, allowing unauthorized actors to access sensitive information.

Issue Summary

The vulnerability, categorized as an 'Exposure of Sensitive Information to an Unauthorized Actor,' affects Check Point's CloudGuard Network Security appliances. Attackers can exploit this vulnerability to read sensitive information from gateways connected to the Internet and enabled with Remote Access VPN or Mobile Access. The flaw is actively exploited in the wild, making it a high-priority issue for administrators.

Technical Key Findings

The vulnerability arises from a path traversal issue in the appliance's handling of certain HTTP requests. Attackers can manipulate the request paths to access files on the device, bypassing standard access controls. The exploit involves sending crafted HTTP requests to the vulnerable endpoint, allowing unauthorized file reads.

Vulnerable Products

Check Point CloudGuard Network Security appliances with Remote Access VPN or Mobile Access enabled.

Impact Assessment

Exploiting this vulnerability can lead to unauthorized access to sensitive information, such as configuration files and password hashes. This could potentially escalate to full system compromise if critical files are accessed and misused.

Patches or Workaround

Check Point has released a hotfix to address this vulnerability. Administrators are urged to apply the patch immediately. The company also recommends placing the vulnerable gateway behind another security gateway with IPS and SSL inspection enabled as a temporary mitigation.

Tags

#CheckPoint #CVE-2024-24919 #InformationDisclosure #PathTraversal #NetworkSecurity #CloudGuard #SecurityPatch #VulnerabilityManagement #threatintelligence

Check Point - Wrong Check Point (CVE-2024-24919)

Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze. Check Point, for those unaware, is the vendor responsible for the 'CloudGuard

watchTowr Labs - Blog

🛡 [email protected]/:~#

May 15, 2024

VMware Patches Severe Security Flaws in Workstation and Fusion Products

Date: May 2024
CVE: CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, CVE-2024-22270
Vulnerability Type: Use-After-Free, Heap Buffer Overflow, Information Disclosure
CWE: [[CWE-416]], [[CWE-122]], [[CWE-200]]
Sources: The Hacker News, Broadcom advisory

Issue Summary

Multiple severe security vulnerabilities have been identified in VMware Workstation and Fusion products. These vulnerabilities could potentially allow threat actors to execute arbitrary code, access sensitive information, and trigger denial-of-service (DoS) conditions. The affected versions include Workstation 17.x and Fusion 13.x.

Technical Key Findings

The vulnerabilities include a use-after-free issue in the Bluetooth device (CVE-2024-22267), a heap buffer overflow in the shader functionality (CVE-2024-22268), and two information disclosure flaws (CVE-2024-22269 and CVE-2024-22270). Exploiting these vulnerabilities requires local administrative privileges on a virtual machine, potentially allowing attackers to manipulate the VM's VMX process.

CVE-2024-22267 (CVSS score: 9.3) - A use-after-free vulnerability in the Bluetooth device that could be exploited by a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host

|VMware Product|Version|Running On|CVE|CVSSv3|Severity|Fixed Version|Workarounds|Additional Documentation|
|---|---|---|---|---|---|---|---|---|
|Workstation|17.x|Any|CVE-2024-22267|9.3|Critical|17.5.2|KB91760|None|
|Fusion|13.x|OS X|CVE-2024-22267|9.3|Critical|13.5.2|KB91760|None|

CVE-2024-22268 (CVSS score: 7.1) - A heap buffer-overflow vulnerability in the Shader functionality that could be exploited by a malicious actor with non-administrative access to a virtual machine with 3D graphics enabled to create a DoS condition

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| -------------- | ------- | ---------- | -------------- | --------------------------------------------------------------------------------------------- | --------- | ------------- | ------------------------------------------------ | ------------------------ |
| Workstation | 17.x | Windows | CVE-2024-22268 | 7.1 | Important | 17.5.2 | KB59146 | None |
| Fusion | 13.x | OS X | CVE-2024-22268 | 7.1 | Important | 13.5.2 | KB59146 | None |

CVE-2024-22269 (CVSS score: 7.1) - An information disclosure vulnerability in the Bluetooth device that could be exploited by a malicious actor with local administrative privileges on a virtual machine== to read privileged information contained in hypervisor memory== from a virtual machine

|VMware Product|Version|Running On|CVE|CVSSv3|Severity|Fixed Version|Workarounds|Additional Documentation|
|---|---|---|---|---|---|---|---|---|
|Workstation|17.x|Any|CVE-2024-22269|7.1|Important|17.5.2|KB91760|None|
|Fusion|13.x|OS X|CVE-2024-22269|7.1|Important|13.5.2|KB91760|None|

CVE-2024-22270 (CVSS score: 7.1) - An information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality that could be exploited by a malicious actor with local administrative privileges on a virtual machine to read privileged information contained in hypervisor memory from a virtual machine

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| -------------- | ------- | ---------- | -------------- | --------------------------------------------------------------------------------------------- | --------- | ------------- | ----------- | ------------------------ |
| Workstation | 17.x | Any | CVE-2024-22270 | 7.1 | Important | 17.5.2 | None | None |
| Fusion | 13.x | OS X | CVE-2024-22270 | 7.1 | Important | 13.5.2 | None | None |

Vulnerable Products

VMware Workstation versions 17.x
VMware Fusion versions 13.x

Impact Assessment

Exploiting these vulnerabilities could lead to significant security breaches, including arbitrary code execution on the host machine, sensitive data exposure, and system crashes. The critical nature of these flaws underscores the need for immediate remediation to prevent potential attacks.

Patches or Workarounds

VMware has released patches for these vulnerabilities in versions 17.5.2 (Workstation) and 13.5.2 (Fusion). As temporary measures, users are advised to disable Bluetooth support and 3D acceleration features on virtual machines. However, there is no workaround for CVE-2024-22270.

Tags

#VMware #CVE-2024-22267 #CVE-2024-22268 #CVE-2024-22269 #CVE-2024-22270 #UseAfterFree #HeapBufferOverflow #InformationDisclosure #Virtualization #Workstation #Fusion #SecurityPatch

VMware Patches Severe Security Flaws in Workstation and Fusion Products

Researchers have uncovered a critical vulnerability in VMware's Bluetooth device, allowing code execution by malicious actors.

The Hacker News

🛡 [email protected]/:~#

Mar 28, 2024

Wall-Escape Vulnerability Analysis: Implications and Mitigation Strategies

Date: February 27, 2024
CVE: CVE-2024-28085
Vulnerability Type: [[Command Injection]]
CWE: [[CWE-77]], [[CWE-78]], [[CWE-88]]
Sources: [SANS Wall-Escape (CVE-2024-28085)](https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt

Issue Summary

Wall-Escape (CVE-2024-28085) unveils a critical flaw in the wall command from the util-linux package, allowing unprivileged users to execute command-line arguments without proper escape sequence filtering. This vulnerability has existed since 2013, posing a significant risk on systems where wall is setgid and mesg is set to 'y', notably Ubuntu 22.04 and Debian Bookworm.

Technical Key findings

The flaw arises from the mishandling of command-line arguments (argv), which are not sanitized for escape sequences. This oversight enables attackers to inject arbitrary text onto terminals of other users, potentially leading to information leakage or clipboard alteration. The vulnerability is exploitable through crafted wall command executions, leveraging system features to extract sensitive information such as user passwords.

Vulnerable products

All versions of util-linux since 2013
Specifically impactful on:
- Ubuntu 22.04
- Debian Bookworm

Impact assessment

Successful exploitation can lead to unauthorized information disclosure and manipulation of terminal sessions. On Ubuntu 22.04, attackers can deceive users into revealing passwords. The vulnerability also enables clipboard content alteration on certain terminal emulators.

Patches or workaround

No specific patches were mentioned for CVE-2024-28085. Users are advised to restrict access to the wall command and monitor systems for unusual terminal behavior indicative of exploitation attempts.

Tags

#CVE-2024-28085 #CommandInjection #Ubuntu #Debian #InformationDisclosure #util-linux #TerminalSecurity