{"uuid": "267579ec-5a50-41ef-9e78-e69e1adc7445", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-45467", "type": "seen", "source": "https://t.me/bhhub/714", "content": "#BugBountyTips of the Day\n2FA-Bypass-Techniques 1 Response Manipulation 2 Status Code Manipulation 3 2FA Code Leakage in Response 4 JS File Analysis 5 2FA Code Reusability 6 Lack of Brute-Force Protection @TodayCyberNews #bugbounty #bugbountytips #bugbountytip #cybersecurity #infosec #2FA #bypass\n---\nFind the bug in the code! The solution will be posted in today's #securityexplained series. Source: @SonarSource #appsec #infosec #bugbountytips #hacking https://t.co/Prdc5ZiVIE\n---\nNever think there are no bugs in highley tested programs Tip: inject in login parameters #bugbountytip #bugbounty #bughunting https://t.co/DXpEv1xuSG\n---\nCloudflare #XSS WAF Bypass @nav1n0x Payload: \"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F It's an ongoing program, so I had to mask the URL. #bugbountytips #infosec #CloudflareWAF #WAFBypass https://t.co/0IiKCaZrfT\n---\nCross Site Scripting (XSS) Akamai WAF Bypass @akazh18 try this payload : <!--><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource](document.cookie)%27> #xss #waf #bugbounty #bugbountytip #bugbountytips https://t.co/YCE9fCQvtl\n---\n.%00./ is the new ..;/ CVE-2021-45467: beautiful preauth root RCE chain I found on CentOS Web Panel servers by bypassing common PHP function used for LFI protection & file write bug. RCE seems extemely widespread, pls patch!!!! #bugbounty #bugbountytip https://t.co/XRGLk4L5D9\n---\nOur first blog post is up! CVE-2021-45467: Preauth RCE in CentOS Web Panel affecting 200k+ web servers on Shodan (pls patch). We bypass strstr() based LFI protection and put a shell on the server. https://t.co/DvyakBkajj #bugbounty #bugbountytip https://t.co/0Z0cPU6HFl", "creation_timestamp": "2022-01-23T13:37:04.000000Z"}