- 83
- 2 148 688
Chirag Artani
India
Приєднався 19 кві 2016
Hello, I am Chirag Artani from Khandwa MP. I like uploading all kind of things like Religious events, Ethical Hacking Stuff & Classical Old Songs.
Remote Code Execution In Wild | 9M Targets Vulnerable | Never Seen This Exploit Live Recon - Netlas
PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.
Netlas - app.netlas.io/plans/
Template - raw.githubusercontent.com/projectdiscovery/nuclei-templates/316bd7092f2966a4dfa1e7dd525d45b6b1d159d4/http/cves/2024/CVE-2024-4577.yaml
Thank you for watching the video!
Netlas - app.netlas.io/plans/
Template - raw.githubusercontent.com/projectdiscovery/nuclei-templates/316bd7092f2966a4dfa1e7dd525d45b6b1d159d4/http/cves/2024/CVE-2024-4577.yaml
Thank you for watching the video!
Переглядів: 137
Відео
WordPress Automatic Exploit | SSRF & Unauthenticated Arbitrary File Download | Live Recon 2024
Переглядів 16114 днів тому
WordPress Automatic plugin 3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1. temp - raw.githubusercontent.com/projectdiscovery/nucl...
Unauthenticated Remote Code Execution - Bricks | CVE-2024-25600 | RCE In WordPress Plugin
Переглядів 28028 днів тому
This is CVE-2024-25600 in Bricks Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks 1.9.6 is vulnerable to unauthenticated remote code execution RCE which means that anybody can run arbitrary commands and take over the site/server. This can ...
7,025 Vulnerable Instance Used By Multinational Companies | CVE-2024-4879 - Jelly Template Injection
Переглядів 330Місяць тому
CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. Template - github.com/Brut-Security/CVE-2024-4879 I am not responsible for...
Magento XXE (CVE-2024-34102) - RCE in Adobe Magento | Live Recon POC
Переглядів 283Місяць тому
Big companies are using this CMS, I found Microsoft and reported them as well. Magento is one of the most popular e-commerce solutions in use on the internet. It's estimated that there are over 140,000 instances of Magento running as of late 2023. Adobe's most recent advisory for Adobe Commerce / Magento, published on June 11th, 2024 highlighted a critical, pre-authentication XML entity injecti...
PHP CGI RCE | CVE-2024-4577 - XAMPP 0day | POC Live Recon
Переглядів 3,8 тис.2 місяці тому
Hello, today let's exploit CVE-2024-4577 which is PHP-CGI Argument Injection. I always upload trending CVE's first ever before anybody else. Note: I am not responsible for your bad activity. Please use it in legitimate way. Description - CVE-2024-4577 is a critical vulnerability in PHP affecting CGI configurations, allowing attackers to execute arbitrary commands via crafted URL parameters. Cre...
Check Point R81, R80, R77, R75 - Arbitrary File Read | Live Recon Using Netlas - CVE-2024-24919 POC
Переглядів 1,6 тис.2 місяці тому
I am using Netlas, this is the query for search - nt.ls/MqxNV (visiting and you will see). In the netlas you get 2500 queries monthly for free and you can find lot of potential issues using Netlas. Can you use it for bug bounty or research purposes. CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways w...
CVE-2024-3400 PAN-OS Working POC - Proof Of Concept Palo Alto VPN | Latest Exploit CMD Injection
Переглядів 3,3 тис.4 місяці тому
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. CVE-2024-3400 Proof Of Concept - I am writing a file as root so I can't execute or see in the frontend but it will show me 403 b...
Hacking A Scamming Network With The Help Of FBI | Defacing Scam Portal FBI Helped Me
Переглядів 994 місяці тому
Hi, I hacked this scamming network which scams people in the name of stock market, they shutdown this server and created a new one but again I Defaced their new server as well. I showed that FBI is helping me in this , so they should scare running such scams and loot innocent people. Thank You For Watching
Stock Market Scam | SS-Equitrade, Viking Trading, Kotakses scam alert - 420 crore करोड़ रुपए की ठगी
Переглядів 1,1 тис.5 місяців тому
Hello, today I am going to expose a very tricky scam which is stock market scam, please watch the video till the end. ss-equitrade, kotak plc, viking trading, apalxs. These are the scam names & all of them have absolutly similar interface, There's more but these mentioned are the main applications or sites which scams thousands of people. Now it all happens through whatsapp, they add you in a g...
Exposed: The $56 Million Stock Market Scam - Inside the Biggest Rip-Off of the Decade| 420 Crore INR
Переглядів 9895 місяців тому
Shocking $56 million or 420 crore rupees stock market scam that left innocent investors devastated. Join us as we uncover the truth behind this massive fraud and its impact on those affected. I am Chirag Artani a penetration tester, who hunts scammers and yeah I do white hat hacking. Scamming tactics & story in short - Note- ss-equitrade/SS-Equitrade is still active and scamming people This sca...
POC Sitecore Remote Code Execution CVE-2023-35813 | Live Recon
Переглядів 1,3 тис.10 місяців тому
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. reference: - support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002979 - code-white.com/blog/exploiting-asp.net-templateparser-part-1/ - nvd.nist.gov/vuln/detail/CVE-2023-35813 Nuclei Template - templates.nuclei.sh/public/CVE-2023-35813.y...
CVE-2023-35078 Exploit POC - MobileIron | Ivanti - Live Recon
Переглядів 939Рік тому
CVE-2023-35078 Exploit POC - MobileIron | Ivanti - Live Recon
Khandwa MP, Ram Navmi 2023 | खंडवा मध्य प्रदेश | राम नवमी जुलूस 2023
Переглядів 4,6 тис.Рік тому
Khandwa MP, Ram Navmi 2023 | खंडवा मध्य प्रदेश | राम नवमी जुलूस 2023
Digestive system, Organs and Internal vessels Hindi | Naturopathy By Sachin Patil Burhanpur/Khandwa
Переглядів 203Рік тому
Digestive system, Organs and Internal vessels Hindi | Naturopathy By Sachin Patil Burhanpur/Khandwa
Navratri Visarjan Khandwa MP | नवरात्रि विसर्जन खंडवा, मध्य प्रदेश 2022
Переглядів 3,3 тис.Рік тому
Navratri Visarjan Khandwa MP | नवरात्रि विसर्जन खंडवा, मध्य प्रदेश 2022
Siya Ram Chowk Kakad Aarti | Maa Kaali Bhavya Aarti | खंडवा MP - Live #navratrispecial
Переглядів 694Рік тому
Siya Ram Chowk Kakad Aarti | Maa Kaali Bhavya Aarti | खंडवा MP - Live #navratrispecial
GANESH VISARJAN | KHANDWA MP | गणेश विसर्जन, खंडवा
Переглядів 2,1 тис.Рік тому
GANESH VISARJAN | KHANDWA MP | गणेश विसर्जन, खंडवा
जन्माष्टमी | Janmashtami - Khandwa. Shani Mandir Square | मटकी तोड़, खंडवा MP | 2022
Переглядів 1,2 тис.2 роки тому
जन्माष्टमी | Janmashtami - Khandwa. Shani Mandir Square | मटकी तोड़, खंडवा MP | 2022
दादाजी धूनीवाले महा आरती | Guru Poornima 2022 | Dadaji Dhuni wale Complete Maha Aarti LIVE
Переглядів 4 тис.2 роки тому
दादाजी धूनीवाले महा आरती | Guru Poornima 2022 | Dadaji Dhuni wale Complete Maha Aarti LIVE
Guru Poornima Dadaji Dhuni Wale Live 2022 After Maha Aarti Khandwa MP, गुरु पूर्णिमा दादा दरबार.
Переглядів 7572 роки тому
Guru Poornima Dadaji Dhuni Wale Live 2022 After Maha Aarti Khandwa MP, गुरु पूर्णिमा दादा दरबार.
Guru Poornima गुरु पूनम | 2022 Khandwa MP, Dadaji Temple Live
Переглядів 9 тис.2 роки тому
Guru Poornima गुरु पूनम | 2022 Khandwa MP, Dadaji Temple Live
Hacking 6.5+ million websites CVE-2022-29455 (Elementor) | DOM XSS Proof Of Concept
Переглядів 2,4 тис.2 роки тому
Hacking 6.5 million websites CVE-2022-29455 (Elementor) | DOM XSS Proof Of Concept
Spring Boot Remote Code Execution Proof Of Concept | spring-cloud-function | Latest 0day
Переглядів 2,7 тис.2 роки тому
Spring Boot Remote Code Execution Proof Of Concept | spring-cloud-function | Latest 0day
भोले की बारात, महाशिवरात्रि महादेवगढ़ खंडवा मध्य प्रदेश. MahaShivaRatri MP
Переглядів 2,5 тис.2 роки тому
भोले की बारात, महाशिवरात्रि महादेवगढ़ खंडवा मध्य प्रदेश. MahaShivaRatri MP
Shivratri Mahadevgad 2022 | Khandwa, MP
Переглядів 3,1 тис.2 роки тому
Shivratri Mahadevgad 2022 | Khandwa, MP
Scanning 9000 Webserver IP's Under 2 Minutes | Live Recon | Bug Bounty
Переглядів 1 тис.2 роки тому
Scanning 9000 Webserver IP's Under 2 Minutes | Live Recon | Bug Bounty
Ganpati Visarjan 2021 | Khandwa Ke Vighnaharta | Beautiful Memory.
Переглядів 1,3 тис.2 роки тому
Ganpati Visarjan 2021 | Khandwa Ke Vighnaharta | Beautiful Memory.
Jira Confluence Unauth Remote Code Execution POC | 2021
Переглядів 7142 роки тому
Jira Confluence Unauth Remote Code Execution POC | 2021
How Use CHMOD 600 in Windows For SSH Key Or Other
Переглядів 7 тис.3 роки тому
How Use CHMOD 600 in Windows For SSH Key Or Other
Aaisi awaz ajatak kisi ke gazal gayak ki nahi suni...osman mir always hit
Waah❤️👌👌🙏👍💐
Very good thanks janardan singh jaunpur india
need shodan dork. thx
I don't have a query for shodan. Would recommend you Netlas, try it once. They offer 2500 queries free a month.
bro is there any python script for this cve?
@@AlanSahliz Yes on the Github you can find a lot of scripts. But I would recommend you to test manually using Burpsuite or maybe you can try with curl.
@@chiragartani can u give me recomendation of the all of command injection for executing RCE in apache? i have to learn this
@@chiragartani give poc how to upshell bro
@@AlanSahliz github.com/xcanwin/CVE-2024-4577-PHP-RCE , I wouldn't recommend because this is for the defence purposes.
Bus apki avaj or har tarf sukun ❤❤❤
Thanks for the amazing video..
@@ZTechSecurity thank you 🙏
You sang it beautifully really ❤. Superb mesmerising
Veri nice 🖤🇮🇪🖤🇮🇪🖤🇮🇪
can u help me for CVE-2024-6387 i wont explan for work
I will try.
Bahut surili awaj me gate ho.Bahut sundar.
यह मुरारी बापू क्या पगला गए हैं आजकल की आर्केस्ट्रा कवि सम्मेलन कव्वाली और मुशायरा सुन रहा है कहीं गजल सुन रहा है तो कहीं ठुमरी सुन रहा है इसे सनातन संस्कृति से बाहर करें बड़े संत
Brother awesome i just love it, now it will be more fun :)
Thankyou:))
Took me 3 or 4 days to successfully reproduce the bug in my lab . Its not easy though , you have to tweak configuration files!
That's ultra easy to exploit. There's nothing easiest than this :). You have to actually understand the way.
@@chiragartani Exploit is easy , if you can follow instructions. Setting up the enviroment to make exploitation possible , is a chore if you are not well versed with apache directives!
@@Official_Baba_yaga learn PHP, simple.
@@chiragartani Am starting to question your legitimacy/credibility , this bug needs zero php code knowhow. The flaw is how php handles input under certain circumstances!
@@Official_Baba_yaga , I have submitted over 10k instances to the company, I think I actually understand bit better about the bug and exploitation or not?
gazal chhe bhai gazal ni jem gao
can you do exploit in facebook accounts i will pay for that
no bro
THE BEAST OF BHAJAN AND SOUNGS THANKS😂😂😂😂😂😢😢😢😢😢😢😢😅😅😅😅😅😮😮😮😮🎉🎉🎉🎉🎉🎉🎉🎉
Duniya kisi ke pyar me jannat se kam nahi ... Ek dil ruba hai dil me huron se kam nahi......?
super cool .
मीर भाई अल्लाह ताला ने आपको गाने की नियामत बख्शी है जिसकी तारीफ में मेरे पास शब्द नहीं है । बस आपको सुनता रहूं 🎉अस्सलाम वालेकुम
ua-cam.com/video/c_UNxmCfrYI/v-deo.htmlsi=vdtKSsD1F4VQEA8t
Lajavab
Mir saheb how many rupees will you earn because I have been looking that there are many people or oriented given prizes in which of the note of Gaddis because you have learned art music thank you , I prey to God we need as well as you.
No comparison
how can upload shell bro?
@@TheSmileMakers1 Just learn PHP. Put the code like I did that's it. Or use curl/f_get_content in PHP.
Fantastic rendition..kucch alag style mein present kiya hein is kalakar ne..maza aa gaya...log paise throw karte hein?❤❤❤❤❤
how to find sites vulnerable? any dorks ?
लाजवाब गायकी बहुत पसंद आयी
Can rce be achieved with this?
@@hexormc5164 yes gain admin access reading app.php, crack JWT through that and then look for existing post auth RCE. Or just leverage XXE to upload files remotely and execute shell.
Do u know how to leverage for rce?
Maa choddi ghazal ki😢
Rohit, bhartiy, chitekoot, see
hey man, I dont have that "authenticated users" group on security, do I need to have it?
संगीत समझने वालों को प्रेम सुधा से कम नहीं।
If you listen full song it means your music teast is good
Hsmari jannat ye duniya hi he Vaha huroka bhala ksya kam he vafa to dilruba karati he Varana huro mr kaha dam he
वाह मीर ❤
पहली बार सून रहा हू आपको.. बहुत ही अच्छी सुरीली आवाज है.. आपको सॅल्यूट 🌹🌹🌹
Is this vulnerable only for localhost?
You can't see the domain name?
great video thanks , plz could you tell us how to find the vulnerable websites?
hi bro, im reproducing that cve but it's not work to me. plz help me T_T
1) Needs to be a server running on windows 2) Vulnerable php version 3) php needs to be in "CGI MODE" 0:48 See that server api entry ? your lab has to read the same
Modhu,,! Modhu!❤❤❤❤❤❤❤❤
Great work though!! Was trying to find these in wild since an hour.
i found in 20 sites yet
@@chiragartani Only chineese ?
@@chiragartani Can you leak 1 site for test cve ?
@@medi4884 I can't. That's the one I have shown In the video.
@@medi4884 If you read up on the vulnerability , you find sources stating the windows must be in either locales Traditional Chinese (Code Page 950) Simplified Chinese (Code Page 936) Japanese Your best bet is to go after chinese and japanese targets!
How to find vulnerable Targets though?! Any shodan search query you would like to give?!
use netlas
Following PHP branches are vulnerable to this CVE: 8.1.* 8.2.* 8.3.* Example shodan search for 8.2.* branch: server: php 8.2.* (search for everything below 8.2.20)
समझ में नहीं आता है कि ऐ बापू के आश्रम की कोठा है ,,, पैसा फेंकने कि कला कया कोठे से सिख कर आया है बापू के भक्त लोगों?????
How to find that url domain? And how to report?
Using Netlas. You can use that for free
how we find the url and how we understood this is vulnerable?
how do you stay updated about this kind of new cves?
Twitter/X, main and real source where all these stuffs are primarily posted.
http.body:"Check Point SS Network Exteder" host_type:domain i am to this command but not working can you explain me ?
Nostalgia ❤
Bahut meethi aawaz mn krta h sunte hi rho,aapko sunna bahut accha lgta h