Ignis@blog:~$

  • ManageEngine ServiceDesk plus 10.0 Privilege Escalation

    Bypassing Authentication Guest to NT AUTHORITY/SYSTEM SHELL Ata Hakçıl, Melih Kaan Yıldız Overview CVE-2019-10008 Allows any user of ServiceDesk Plus to authenticate as another user. Platform allows for authenticating as any user if session cookies are juggled in a very precise way between the platform and the mobile container. It...

  • How google is your enemy if you have no idea what you are doing

    # What is GHDB? First of all, GHDB (Google Hacking Database) is a collection of google search queries aiming to find vulnerable software without a specific scope/target. You can find a vulnerability which was crawled by google, as an example, you can find every website which has its home folder...