Hello
A page that was 401 before, after bypassing the authorization withing manipulating the header (X-Forwarded-For), i noticed tons of used python packages, can this be information disclosure???
I found a dangling cname pointing to a smartling subdomain, does anyone had experience with this service?
For what i found online it seems that no one was able to do it so far, but I'd like to heart if some of you found a way to
So my question is simple.
Is it possible that subdomain take over is dead?
I spent the last week building a tool that scraped every subdomain eligible for bounties for every single website.
After getting the final list, i spent another 2 days to orchestrate the progams i've made: correctly (between fix and stuffs)
The script itself sent around 300k requestes per hour, and i scanned over 600k alive assets.
How is it possible that i just found 4 takeoverable domains over half milion assets? Is this vulnerability dead or too researched?
If you live here in the earth you probably heard about CopyFails, a vulnerability that let an attacker who gained access as an user, gain root access within low effort (PoCs available)
My question is: What HTB is gonna do about it? all the old machines are basically vulnerable to this CVE and this break the PE process for every of those machines.
