"A 2FA bypass is not a bug because you'd need to know the username and password to use it"
uhhhhh folks what do you think 2FA is for?
pam-duress: A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc. if a user is coerced into giving a threat actor a password.
DO NOT USE eval()
DO NOT USE exec()
For the use case mentioned here ("you don't know what the variable name could be"/"you need to dynamically change the name"), use getattr() instead.
DO NOT USE eval()
DO NOT USE exec()
If you use eval() and/or exec() in your code, you are literally begging your application to get hacked. You've taken out a billboard saying "please RCE my face"
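The getattr() advice in the post above, as an added example that is not code from the original post: the same dynamic lookup done with eval() and with getattr() plus an allowlist. `Settings`, `ALLOWED`, `SIDE_EFFECTS`, both `read_setting_*` functions and the input strings are hypothetical names and constructed values.

```python
from dataclasses import dataclass


@dataclass
class Settings:
    theme: str = "dark"
    debug: bool = False
    api_token: str = "constructed-secret"  # constructed sample value


SIDE_EFFECTS = []  # records whether caller-supplied text ran as code


def read_setting_eval(settings, name):
    """The pattern the post warns about: the name is compiled as Python code."""
    return eval(f"settings.{name}")


ALLOWED = frozenset({"theme", "debug"})  # assumption: fields callers may read


def read_setting_getattr(settings, name):
    """getattr() treats the name as data; the allowlist bounds what is reachable."""
    if name not in ALLOWED:
        raise KeyError(f"setting not readable: {name!r}")
    return getattr(settings, name)


def demo():
    s = Settings()
    # Constructed input: a "name" that is really an expression with a side effect.
    hostile = "debug or SIDE_EFFECTS.append('injected code ran')"
    read_setting_eval(s, hostile)
    eval_ran_code = bool(SIDE_EFFECTS)
    SIDE_EFFECTS.clear()

    rejected = []
    # Bare getattr() would still hand back api_token or __class__, hence the allowlist.
    for name in (hostile, "api_token", "__class__"):
        try:
            read_setting_getattr(s, name)
        except KeyError:
            rejected.append(name)
    return eval_ran_code, read_setting_getattr(s, "theme"), len(rejected), list(SIDE_EFFECTS)


if __name__ == "__main__":
    print(demo())
```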
If you're ever wondering "How the hell does my company find customers", remember that there's a place that says...
"Our company specializes in the design of a variety of equipment to thicken the ice on lakes and rivers for commercial and industrial purposes," Rossington noted. "We undertake contracts to build ice all across Canada."
If the ice thickeners found a market, you can, too.
BIG-IP? More like GAPING-IP
Hackers are exploiting a server vulnerability with a severity of 9.8 out of 10.
Hacker, comedian, RED Scout fan, gold Ekko one-trick. Watching them sorting debris.