Это видео недоступно.
Сожалеем об этом.
CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js
HTML-код
- Опубликовано: 21 июн 2024
- // Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing & bug hunting so that we can protect ourselves against the real hackers..
sending love from Kenya | GGs
Hi pia mimi niko kenya, tunaweza connect aje
i did not found how to generate poc pdf
I have now become a fan of yours ❤
☺️❤️🤗
The king is back!! 😃
Keep it up boss 🙌
❤️
@@lostsecc So has the bug been reported ? Tried it just now and they are still much vulerable to it
its reported they are not patching it..
Pdf script ??
sending in telegram
@@lostsecc which telegram channel?
t.me/lostsec
Nice bro I am waiting your paylod keep it up bro❤
sure sending soon.
Where can i get the payload
telegram
Did you find this?
How much does it take for you to find it?
5min
@@lostsecc bounty?
dup
great find
please how do you know whether a particular website is having that pdf.js vulnerability
check weplizer extension
@@lostsecc Thank you
Can i get a sample of the pdf you used
Bro can you please upload the pdf exploits payloads on your new github account?
sure
@@lostsecc Can you please upload it now? I just found a vulnerable domain, and uploading it now may help me.
@@lostsecc Bro please upload bro
Muito bom 🇧🇷🇧🇷🇧🇷🇧🇷🇧🇷🇧🇷🇧🇷🇧🇷
Loving your content❤
How much bounty you got brother 🎉
Brotha eww. Always good content🔥
🤗😇
@@lostsecc you got a discord? I wanna write some tools
Sir meri Linux men nuclei install to horai but work nai kr rai.chat GPT. Bing sb sy puch Lia Mgr nai bat bni..
dm me in telegram and send me anydesk id
MY BROTHER, HOW DO I ARRANGE THE PDFS OF THIS SCRIPT, CAN YOU ADD IT FOR US?
i am sharing in trlegram
how can i message you? My pdf xss work but not like this, your pdf payload is way more better. and i have a target and im trying to exploit it and i try your payload but there is no pop up
maybe bcz thats not pdf.js one there arw two types of pdf exploits
@@lostsecc thanks for clarification
Can you make more detailed and longer videos like this.
sure
Bounty?
file upload and js injection
Error yhi araha nuclei template out dated hyn update kr Lia re install b Kia but bat ni bni
sudo nuclei -ut
I have xss with pdf file but i cant see the cookies i see just alertt
i am sharing payload in telegram soon
@@lostsecc share with me the pdf file with cookies payload i need it
Sir , Please write all extension that you used ,which help in finding bugs and we get to know this site having vulnerability
first comment lots of love ❤❤
❤️😇
How leak cookie?
must be pdf.js
@@lostsecc I've searched your telegram, but there is no pdf.js with document.cookie or domain
Bro how to use tor in windows terminal
sudo apt install tor
@@lostsecc bro suggest me some best programming language for scripting and for penetration testing
still waiting for your play list 😀💔
hey brother can you provide payload pdf??
sure sending in channel
ANY BOUNTY MOSTLY BBP DOESN'T ACCEPT IT. I REPORTED HUNDREDS.
its accepted ! you need to get the cookie
can you please share the js files
i shared in telegram bro
@@lostsecc where is your telegram link??
Bro, i have a question. I reported this issue on HackerOne but the report closed as an informative. Because not possible to access dom via pdf file
Can you share this pdf?
sure
❤
tg link?
t.me/lostsec
Please help
Really you are the boss
❤️🤗
Traige ?
no response
Self-XSS. You won't get any bounty for this.
its stored
@@lostsecc stored self-xss. Can only be used on yourself
self-stored-xss is still self-xss.
its not self xss the HR who shortlist candidate by checking resume will affected by this..and we can get there cookie..
That's not what you demo'd. You demo'd the attacker exploiting xss on themselves.
Payload please
telegram
Bro please send all pdf files 😊❤
sure in telegram
soon sending
🤍😍😍
Sending Love From Pakistan 🫀😀👍
LOADING.... 99%
❤️🫂😇🤗
❤️🫂😇🤗
❤️🫂😇🤗
@@lostsecc sir how did you customized your terminal and pc .. can you make a video on it ...i am a begginer in hacking ( script kiddie )..
please make it ...... sirrrrrrr..
love you 🫀🥰❤🩹❤🩹❤🩹❤🩹❤🩹