POC for CVE-2024-34102 Magento / Adobe Commerce | Bug bounty poc
- Published: 30 Jun 2024
- In this video I am going to show you the latest CVE of Adobe Commerce, a vulnerability that will help you to get bounty in bug bounty programs. So the motive of the video is to report this bug after finding it so they secure their websites, and if any YouTube team is watching this, please don't restrict this video; it takes so much time and effort to make such a video so people will learn and earn from this after reporting. Thank you
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing & bug hunting so that we can protect ourselves against the real hackers. - Science
telegram channel:
t.me/lostsec
can you make a video how to CVE-2024-3136?
ok
Great work 🎉🎉🎉🎉🎉🎉❤❤❤❤❤❤
❤️🤗
❤🔥❤🔥❤🔥❤🔥❤🔥
I always wondered how you have that customized terminal in Win11. Is that WSL?
yes it's wsl2 kali
@lostsecc Also, after analyzing your shodan script. I think your reason may be because you have your api key with it. P.S. Feel free to remove this comment if I said too much, but if I am correct, I would appreciate an affirmation. Thanks again for another awesome vid, been a subscriber and follower since your early videos.
❤❤❤❤❤ unstoppable man 😊😘
thnq 🤗😇
Very very strong bro
My best channel this year, thanks for the content
my pleasure brother 😇☺️❤️
Bro ❤, you always stand out
❤️🤗
Learning a lot from you bro
my pleasure bro ❤️😇
Thanks for the video bro❤❤
You are awesome ❤❤❤
❤️🤗
Thanks for the content 🎉
❤️🤗
How do i start my career in bug bounty like You and what type of terminal is that(skulls).
wsl2 kali window terminal
@lostsecc how did u get the skulls in the terminal
Hi Lostsec and community: wanted to mention: I love new laptops just like everyone else: But if you’re just running W10 or w11 with wsl2: and you’re trying to save time and speed things up: you probably just need one of these in your current laptop:
what i didn't get u bro
man, never thought of recon in that way. nice!
❤️🤗
Can you do a manual discovery and vulnerability analysis on a site with a firewall and a website firewall? The videos and content are very original and strange, there are no limits, my friend, I expect this from you
sure ❤️
😮
in the browser on the shodan website u blurred some command will u share it? :)
shodan will patch it immediately bro
how will u find which of the domain will bounty and which will not?
use ip to org name convertor tool that i shared in telegram
So this is only possible for website running Magento and Adobe only?
yes
What is allow pasting.
How we can use it.
Does it require subscription.
no it doesn't require subscription
thanx
😎😎
😎🤏🏻
You are GOAT bro 💯🔥
😇❤️🤗
Great content ❤
❤️🤗
Bro, can you clarify how I found organizations? I know it like org:Meta http.html:blah blah. And one-by-one searches are so time-consuming. Any other method for it? How are you doing it?
i shared in telegram that tool must check there
@lostsecc hackip2host is it?
@lostsecc can you share your telegram group link ?
Please explain shodan ip grabbing method ❤❤
is running kali or any linux distro on wsl better than a VM ? I see you use it alot
i use wsl kali
@lostsecc if you can make a video for your configuration on WSL would be awesome
i need to delete all this for that ok i will try on old laptop after delete
which extension you are using for ip gathering...?
link gopher
@lostsecc ohhkkey...!👍🫡
🤑🤑🤑
Nice Bro!
Can you share Console command to download ips from Shodan Facet 3:25 ?
shodan will patch that immediately
Can you play this dork from the shodan console, it would save a lot of time or tell me where I can learn how to direct my js to get the ips in .txt you are really cool
shodan will patch it if its viral
Bro , Totally bounced you are extracting some ips which are vulnerable to the cve and performing the exploit on it , is it correct? if wrong please explain me
. thank you
not all vulnerable some are only..
@lostsecc ok
Extracting ips are Using That Application vulnerable to cve. Not every ips is vulnerable some of them are patched already.
amazing..🥰
❤️🤗
@lostsecc help me to solve this problem
Thank u❤
❤️🤗
First!!
❤️🙈
Bro, how do you find target for bug bounty!! are you in any bug bounty program??
BTW Very nice video.Keep doing it🙂🙂
use hak2ip tool and find these ip org names and report
what system u are using ?
wsl2 kali
Love you , love your lectures
Sir, what did you do in the console after "allow pasting"? Please share the tip
shodan will patch immediately if i leak
I like the look of your terminal, where can I get it? I use kali linux
from microsoft store
@lostsecc Ooh, I thought you made the terminal yourself bro, WSL is really cool bro
First
Hello bro , please I run dirsearch when following your guide on approaching a target in bug bounty but I get a lot of 403 in few mins ..is there any mitigations I could apply pls 😢😢
-fc 403
@lostsecc what does that do please..it kinna look like my requests get dropped and forbidden..I noticed whenever I switch vpn location it works normally but starts malfunctioning after a few secs ..I tried using proxy chains but I couldn't get it to work
It's due to continuous bruting. The site is protected from DoS. @falanavictor1986
luv u bro
love u three bro ❤️🤗
what is the software used as terminal
wsl kali
you are a top
❤️
BRO whats the chrome extension you used
link gopher
@lostsecc thxx
thanks man
can u give me advice about how learn about hacking ?
check telegram bro i tell everything in details
@lostsecc ok tysm
Bro, which tool is this that tells you whether this IP has a bug bounty... ?? What is the tool name
i shared in my telegram hak2ip
awesome ❤❤❤ name extension extract only domain
link Gopher
bro, lots of love from Bangladesh. could you please share with us about bug bounty methodology?
thnq mate ❤️yes u shared all things in telegram channel must check there..
Bro how can i get combose list free for lecher openbullet
i didn't try it
please how to upload shell?
i will post on telegram
Awesome ❤❤😊😊😊 and one more it vulnerable also for RCE ?
U know how to do it?
❤️🤗
@hexormc5164 not in master level just intermediate, I don't even find a single eligible bug in hackerone but in other private program find many bugs but not bounty , I am only one who have 99.9% of unlucky🥲
@lostsecc u know how to perform RCE with exploit?
@hexormc5164 i dont know bro, but i think it is possible when do this refer some youtube channel they do it
Bro you make a very good video, but no one says anything about the fact that you always have a new wallpaper
☺️🫂❤️
wait for nextt video ❤️🔥
what is the trick to get all ips from shodan
shodan will patch if i expose
Dm me that shodan method you have bro if possible. I won't leak it, and good vid 👍
ok
Can u share ip extract from shodan I won't leak it bro pls
soon
Let me know how u scraping from shodan, just give me a hint!
I guess its not a better idea to ask the complete script 😌
All i need is a hint ill take care apart👋🏻
3:26 brother, can u pls provide this code that u used here...
shodan will patch it immediately if it's leaked
@lostsecc Okay no problem.
I am new in cyber security, plzz help in learning,resources , path
i shared the path in telegram channel must check out
can you provide exploit.
check telegram channel bro
Song name please
dark beach
@lostsecc Are you very busy man? I'm so many qus and doubts asked to you in telm but didn't response you but, it's ok i don't worry because I'm lostsec family member so spread love....
sorry bro i am testing other stuff so not checked i will check all
how many can you make money in month?? ❤❤
i love my work more than money
@lostsecc money is important to be alive
when u work on your passion money will be automatic comes..
@lostsecc yeah exactly why my first question 🙋 🙋
Give console cmd please
shodan will be ban immediately bro
@lostsecc it's ok bro give me na please
Bro how we gonna earn From this 😂
use the ip to org converter tool from my telegram and report to the org
Hey brother! I want to ask how much time it took you to earn yr first bounty and tell me how much you earn from Bug Bounty.
it totally depends on your skills and hardwork for someone it takes 3-6 months for sometime it takes 1 year+
@lostsecc Yeah! Thanks bro.
Sir, please resolve my nuclei issue .. how can I contact you
in telegram channel t.me/lostsec
How to contact you if I want to talk to you or ask something???
telegram
@lostsecc okay But your Telegram group is already a group, how can I chat with you there?
just msg me in bot link in description of that channel
@lostsecc okay
@lostsecc By the way, you understand Hindi things.????
We want voice over bro 💀
when setup readyy sure