Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Now we know for sure there is a /.git/ folder on the server. Now we can use a tool like Git dumperto extract all of the information from the git folder on to our own machine and take a look at the source code.
ARBITRARY REMOTE LEAK with CVE-2022-44268
When we did cargo run "/etc/passwd" on the file we got an image with code injected into it. When we upload it to the server and download the "shrunken" version of it we can run identify -verbose {image} to get the outputting hex values of our input. Inputting it to something like CyberChef and converting it from hex to ascii we get this output: