👩‍💻IW Weekly #62: Unauthorized Web Server Access by SQL Injection, Hacking LLMs, Bypassing WAFs, RCE on Open Ports, Prototype Pollution and many more..


Unleashing the power within: @vickieli7's revelation of Hacking LLMs with Prompt Injection and Game-Changing GPT Application Attacks

Welcome to the #IWWeekly62 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, and 1 Job Alert in today’s newsletter.

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @GokTest writes about how he clinched a handsome $30K bounty for remote code execution due to misconfigured open ports.
  2. In this detailed and beginner-friendly writeup, @ryuukhagetsu explains his journey of gaining access to the web server through SQL injection.
  3. With a focus on bypassing Web Application Firewalls (WAFs), @PetittAlly reveals five effective steps and techniques employed by security professionals.
  4. @vickieli7 explores hacking Large Language Models (LLMs) through prompt injections, providing essential insights into attacking GPT applications.
  5. "Bypassing Akamai WAF for Prototype Pollution: Collaboration, Persistence, and Bounty Splitting Triumph in Exploitation" by @sudhanshur705.

🧵 4 Threads

  1. Learn more about Access Control vulnerabilities in this informative Twitter thread by @thebinarybot.
  2. Explore major vulnerabilities and their related proofs of concept (PoCs) in this insightful compilation by @RadhaSec.
  3. @intigriti provides a comprehensive explanation of JSON Web Tokens (JWTs) to enhance understanding.
  4. @InonShkedy shares how you can leverage verbose error messages to find some good issues.

📽️ 3 Insightful Videos

  1. @_JohnHammond provides a comprehensive walkthrough of a blue team lab, sharing valuable insights in this video.
  2. @LiveOverflow explores authentication bypass techniques using root array in this informative video.
  3. Dive deep into the world of JSON Web Token (JWT) vulnerabilities in this informative video by @intigriti.

⚒️ 2 GitHub repositories & Tools

  1. Team @pdiscoveryio introduces Nuclei version 2.9.5, whose updates include a max-requests counter, payload support in the DNS protocol, and more enhanced features.
  2. Team @pdiscoveryio released Nuclei template version 6.9.5, which adds new CVEs and templates such as CVE-2023-32243, CVE-2023-29923, CVE-2023-2825 and many more.

💰1 Job Alert

  1. NST cyber is hiring Penetration Testers (Associate/Consultant/Senior/SME) for remote work all across India. Do drop your CV.

AI-Powered Cyber Threat Detection and Response: a SIEM and compliance solution powered by AI, real-time correlation, and threat intelligence. Built for simplicity, reduced noise and affordability.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker; until then, keep pushing 💪

This newsletter would not have been possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Siddharth, Bhavesh Harmalkar, Bimal Kumar Sahoo, Nithin R, Tuhin Bose, Alvin Mwambi and Shlok.
Newsletter formatting by: Nikhil A Memane, Hardik Singh, Siddharth, Rushi Padhiyar, Shlok and Nithin R.

Lots of love
Editorial team,
Infosec Writeups

If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
