- Severity: High
- Type: SSRF / Credential Leakage
- Date: 2026-03-24
- Status: Confirmed (reproduced with Burp Collaborator)
- CVSS 3.1: 8.6 (High)
```ruby
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::FileDropper
```
```
alert(1)
```
I hereby claim:
- I am mmetince on github.
- I am mehmet (https://keybase.io/mehmet) on keybase.
- I have a public key ASCYw3yOgrkGgAPBBbyrV6HKGtNys38L1oxJ8Ucg5Pj26wo
To claim this, I am signing this object:
```json
{
  "title": "ALERTS",
  "services": {
    "query": {
      "idQueue": [],
      "list": {
        "3": {
          "id": 3,
          "color": "#BF1B00",
          "query": "event_type:\"alert\"",
```
```nginx
# Nginx proxy for Elasticsearch + Kibana
#
# In this setup, we are password protecting the saving of dashboards. You may
# wish to extend the password protection to all paths.
#
# Even though these paths are being called as the result of an ajax request, the
# browser will prompt for a username/password on the first request
#
# If you use this, you'll want to point config.js at http://FQDN:443/ instead of
# http://FQDN:9200
```