Video není dostupné.
Omlouváme se.
POC for CVE-2024-34102 Magento / Adobe Commerce | Bug bounty poc
Vložit
- čas přidán 16. 08. 2024
- in this video i am going to show you latest cve of adobe commerce vulnerability that will help you to get bounty in bug bounty programs so motive of the video is to report this bug after finding so they secure there websites and if any youtube team watching this please dont restrict this video it takes so much time and efforts for make such video so people will learn and earn from this after reporting..Thank you
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing & bug hunting so that we can protect ourselves against the real hackers..
telegram channel:
t.me/lostsec
Bro where to find free bounty's like they don't pay you you are just training
Free bug bounty programs?
Please explain shodan ip grabbing method ❤❤
Example of little key thing: I don’t like to run w11 bare metal because it has black/blue screened on me too many times in the past. So: I like to run everything from a VM so that I can make an updated clone each week. I noticed there is a lot of WSL happening now. If you running w11 as a VM, you’re not gonna get WSL Kali running/working on w11 in any VM software that I know of. If you run w10 in parallels on Mac i9 you can get wsl Kali running if you try 2 or 3 times. Other than that: specifically wsl2 Kali in a w11 VM? Nope.
I always wondered how you have that customized terminal in Win11. Is that WSL?
yes its wsl2 kali
@@lostsecc Also, after analyzing your shodan script. I think your reason may be because you have your api key with it. P.S. Feel free to remove this comment if I said too much, but if I am correct, I would appreciate an affirmation. Thanks again for another awesome vid, been a subscriber and follower since your early videos.
can you make a video how to CVE-2024-3136?
ok
❤❤❤❤❤ unstoppable man 😊😘
thnq 🤗😇
Very very strong bro
How do i start my career in bug bounty like You and what type of terminal is that(skulls).
wsl2 kali window terminal
@@lostsecc how did u get the skulls in the terminal
Hi all: sometimes an easy quick way to learn is an opinion question comparison: Tell me: what is your favorite scanner (amass, dirsearch, aquatone)? Why/why not? What is your favorite proxy (burp, mtmproxy, Caido, zap) why/why not? The idea with question like this: when everyone responds they will probably mention some little key thing that others didn’t know. Hell: what is your favorite platform (hackerone, bugcrowd, intigriti, Immunefi) why/why not?
Could you share the payload you used to download the shodan result on the console?
soon share in telegram
My best channel this year, thanks for the content
my pleasure brother 😇☺️❤️
Hi Lostsec and community: wanted to mention: I love new laptops just like everyone else: But if you’re just running W10 or w11 with wsl2: and you’re trying to save time and speed things up: you probably just need one of these in your current laptop:
what i did'nt get u bro
man, never thought of recon in that way. nice!
❤️🤗
pls provide the console command to download the results (pls I beg you)
shodan will patch immidately if i publish
Can you do a manual discovery and vulnerability analysis on a site with a firewall and a website firewall? The videos and content are very original and strange, there are no limits, my friend, I expect this from you
sure ❤️
👍🏻
what did you use for the linux terminal in windows
kali wsl
@@lostsecc thanks dawg
how will u find which of the domain will bounty and which will not?
use ip to org name convertor tool that i shared in telegram
hey man, could you upload some of your templates for nuclei?
greetings from brazil.
sure uploading soon..
@@lostsecc thank you bro!
You are the best, Friend.
🤗❤️
I am new in cyber security, plzz help in learning,resources , path
i shared the path in telegram channel must check out
You are GOAT bro 💯🔥
😇❤️🤗
Bro I'll like to talk to you but your telegram bot I don't no how to go around it, is there another way that I could talk with you
just msg anything its come to me there
Learning a lot from you bro
my pleasure bro ❤️😇
Bro you make a very good video, but no one says anything about the fact that you always have a new wallpaper
☺️🫂❤️
wait for nextt video ❤️🔥
Bro, how do you find target for bug bounty!! are you in any bug bounty program??
BTW Very nice video.Keep doing it🙂🙂
use hak2ip tool and find these ip org names and report
Awesome ❤❤😊😊😊 and one more it vulnerable also for RCE ?
U know how to do it?
❤️🤗
@@hexormc5164 not in master level just intermediate, I doesn't even find a single eligible bug in hackerone but in other private program find many bugs but not bounty , I am only one who have 99.9% of unlucky🥲
@@lostsecc u know how to perform RCE with exploit?
@@hexormc5164 i dont know bro, but i think it is posssible when do this refer some youtube channel they do it
Sir Allow pasting k bd console men ky kia. please tip share kr den
shodan will patch immidately if i leak
Great work 🎉🎉🎉🎉🎉🎉❤❤❤❤❤❤
❤️🤗
Can you share Console command to download ips from Shodan Facet 3:25 ?
shodan will patch that immidately
Thanks for the video bro❤❤
You are awesome ❤❤❤
❤️🤗
3:26 brother, can u pls provide this code that u used here...
shodan will patch it immidately if its leak
@@lostsecc Okay no problem.
Can u share ip extract from shodan I won't leak it bro pls
soon
What is allow pasting.
How we can use it.
Dies it required subscription.
no it does'nt require suscription
Can you play this dork from the shodan console, it would save a lot of time or tell me where I can learn how to direct my js to get the ips in .txt you are really cool
shodan will patch it if its viral
Just awesome 👌 🎉
thnq bro ❤️
in the browser on the shodan website u blurred some command will u share it? :)
shodan will patch it immidately bro
please how to upload shell?
i will post on telegram
Bro how can i get combose list free for lecher openbullet
i did'nt tried it
bro, lots of love from Bangladesh. could you please share with us about bug bounty methodology?
thnq mate ❤️yes u shared all things in telegram channel must check there..
Bro, can you clarify how I found organizations? I know it like org:Meta http.html:blah blah. And one-by-one searches are so time-consuming. Any other method for it? How are you doing it?
i shared in telegram that tool must check there
@@lostsecc hackip2host is it?
@@lostsecc can you share your telegram group link ?
First!!
❤️🙈
is running kali or any linux distro on wsl better than a VM ? I see you use it alot
i use wsl kali
@@lostsecc if you can make a video for your configuration on WSL would be awesome
i need to delete all this for that ok o will try on old laptop after delete
@@lostsecc maybe do a writeup instead of video that would be efficient too
what is the software used as terminal
wsl kali
❤🔥❤🔥❤🔥❤🔥❤🔥
can u give me advice about how learn about hacking ?
check telegram bro i tell everything in details
@@lostsecc ok tysm
sir Allow pasting k bd kya likhna
its hidden bcz of policy
Let me know how u scraping from shodan, just give me a hint!
I guess its not a better idea to ask the complete script 😌
All i need is a hint ill take care apart👋🏻
So this is only possible for website running majento and Adobe only?
yws
First
Thanks for the content 🎉
❤️🤗
Sir please Mera nuclei ka issue clear kr den .. how can I contact you
in telegram channel t.me/lostsec
I like the look of your terminal, where can I get it? I use kali linux
from microsoft store
@@lostsecc Ooh, I thought you made the terminal yourself bro, WSL is really cool bro
😎😎
😎🤏🏻
Great content ❤
❤️🤗
Nice Bro!
can you provide exploit.
check telegram channel bro
Hello bro , please I run dirsearch when following your guide on approaching a target in bug bounty but I get a lot of 403 in few mins ..is there any mitigations I could apply pls 😢😢
-fc 403
@@lostsecc what does that do please..it kinna look like my requests get dropped and forbidden..I noticed whenever I switch vpn location it works normally but starts malfunctioning after a few secs ..I tried using proxy chains but I couldn't get it to work
It's due to continuous bruting. The site is protected from Dos@@falanavictor1986
@@lostseccbro can you tell anyway other than payloads to bypass 403 forbidden error ? Please bro ?
Bro , Totally bounced you are extracting some ips which are vulnerable to the cve and performing the exploit on it , is it correct? if wrong please explain me
. thank you
not all vulnerable some are only..
@@lostsecc ok
Extracting ips are Using That Application vulnerable to cve. Not every ips is vulnerable some of them are patched already.
which extension you are using for ip gathering...?
link gopher
@@lostsecc ohhkkey...!👍🫡
😮
Why you disappeared
just busy in some other things i will active soon..
Dm me that shodan method you have bro if possible. I won't leak it, and good vid 👍
ok
Bhai ye konsa tool h jisse ye pata lage ki iss ip ka bug bounty h karke... ?? Tool name kya h
i shared in my telegram hak2ip
what systme u are using ?
wsl2 kali
Love you , love your lectures
thanx
what is the trick to get all ips from shodan
shodan will patch if i explose
amazing..🥰
❤️🤗
@@lostsecc help me to solve this problem
🤑🤑🤑
BRO whats the chrome extension you used
link gopher
@@lostsecc thxx
thanks man
awesome ❤❤❤ name extantion extract only domain
link Gopher
luv u bro
love u three bro ❤️🤗
Thank u❤
❤️🤗
Song name please
dark beach
@@lostsecc Are you very busy man? I'm so many qus and doubts asked to you in telm but didn't response you but, it's ok i don't worry because I'm lostsec family member so spread love....
sorry bro i am testing other stufss so not checked i will check all
you are a top
❤️
how many can you make money in month?? ❤❤
i love my work more then money
@@lostsecc money is important to be alive
when u work on your passion money will be automatic comes..
@@lostsecc yeah exactly why my first question 🙋 🙋
Give console cmd please
shodan will be ban immidately bro
@@lostsecc it's ok bro give me na please
Bro how we gonna earn From this 😂
use the ip to org comverter tool from my telegram and report to the org
Hey brother! I want to ask how much time it took you to earn yr first bounty and tell me how much you earn from Bug Bounty.
its totaly depend on your skills and hardwork for someone it takes 3-6 months for sometime it takes 1 year+
@@lostsecc Yeah! Thanks bro.
We want voice over bro 💀
when setup readyy sure
How to contact you if I want to talk to you or ask something???
telegram
@@lostsecc okay But your Telegram group is already a group, how can I chat with you there?
just msg me in bot link in discription of that channel
@@lostsecc okay
@@lostsecc By the way, you understand Hindi things.????