unSafe.sh - Unsafe
GOOGLE HACKING / DORKING
What is dorking? Google hacking or Dorking is nothing more than a way of looking for things a little...
2021-04-22 18:12:05 | Reads: 516
infosecwriteups.com
php
intext
inurl
cfm
wordpress
Exploiting Unrestricted File Upload to achieve Remote Code Execution on a bug bounty program
Accessing https://asdfasdf.redacted.com revealed a login form with a userid and name field. A user w...
2021-04-21 02:59:03 | Reads: 183
infosecwriteups.com
hopefully
ffuf
seclists
confirming
insight
(POC) Remove any Facebook’s live video ($14,000 bounty)
There is a feature (video trimming) which allows Facebook users to remove unnecessary content from th...
2021-04-19 15:44:31 | Reads: 197
infosecwriteups.com
facebook
1675030
untrim
trim
awarded
Pwning your assignments: Stored XSS via GraphQL endpoint
The bug was found on a highly mature bug bounty program, that was running for over 4–5 years as a pu...
2021-04-18 23:12:56 | Reads: 181
infosecwriteups.com
payload
instructor
tutoring
idor
domaini
How I was able to find and exploit the Google Maps API key of a target and you can do it too
Hey, What’s Up Fellow Hackers & pro bug bounty hunters hope you are doing well and staying safe, hun...
2021-04-16 17:13:02 | Reads: 417
infosecwriteups.com
subdomain
bugcrowd
yeah
mistake
chose
JavaScript prototype pollution: practice of finding and exploitation
If you follow the reports of researchers who participate in bug bounty programs, you probably know a...
2021-04-15 20:51:38 | Reads: 533
infosecwriteups.com
pollution
pp
client
payload
Anatomy of learning new things and keeping yourself updated in hacking
Hi homies, I hope you all are safe and doing your stuff constantly. Summer is up and we are increasi...
2021-04-14 04:35:29 | Reads: 199
infosecwriteups.com
enjoy
writeups
papers
tips
amazing
Unauthenticated Account Takeover Through Forget Password
I was hunting a full month on a federal private program and came up with plenty of account takeover...
2021-04-13 04:07:35 | Reads: 203
infosecwriteups.com
plenty
licensing
asks
resetting
ended
Story of a really cool SSRF bug.
2021-04-12 19:24:09 | Reads: 127
infosecwriteups.com
Directory Fuzzing — Bug Bounty
Let python automate your bug bounty work! Image by c0d3x, all rights reserved. When you are fuzzing a su...
2021-04-12 16:57:48 | Reads: 223
infosecwriteups.com
github
robots
subdomain
download
dumper
SerpScan -Automate your Recon using search engines
2021-04-10 18:11:10 | Reads: 120
infosecwriteups.com
Play a game, get Subscribed to my channel - YouTube Clickjacking Bug | #GoogleVRP
NOTE: Not gonna publish some of my best bugs :) Sorry !!! Well, it was an amazing Sunday (We are a St...
2021-04-07 16:15:49 | Reads: 232
infosecwriteups.com
youtube
victim
vrp
reward
song
Weird and very easy authentication bypass found with Google dorking
In this post, I will explain how I found an authentication bypass, and further explored the function...
2021-04-05 22:56:30 | Reads: 202
infosecwriteups.com
bypass
inurl
loaded
redirected
Bragging Rights: Let’s head back to bug bucket
Welcome back my hacker homies! I hope you all are doing great, like me! So many things to learn dail...
2021-04-04 13:06:26 | Reads: 190
infosecwriteups.com
bypass
payload
bypasses
idors
incorrect
Understanding & Identifying Insecure Deserialization Vulnerabilities
This post explains the nitty-gritty of Insecure Deserialization Vulnerabilities. We will be covering...
2021-04-03 23:44:33 | Reads: 240
infosecwriteups.com
php
python
attacker
pickle
deserialize
[BugHunt] Authenticated RCE found in HorizontCMS — Part 2 (PHP Filetype Bypass)
As I talked about in the Part 1, [BugHunt] Authenticated RCE found in HorizontCMS — Part 1 (Maliciou...
2021-04-03 23:43:26 | Reads: 187
infosecwriteups.com
php
horizontcms
test2
htaccess
bypassed
[BugHunt] Authenticated RCE found in HorizontCMS — Part 1 (Malicious Plugins)
A couple of weeks ago, I teamed up with my buddy, Chi Tran, to do some bug hunting on an open-source...
2021-04-03 14:29:41 | Reads: 186
infosecwriteups.com
php
horizontcms
ttimot24
wiki
googlemaps
Facebook Push Notification Linkshim Bypassed
I’m glad you’re here. Please have fun reading (@nmochea). While browsing and finding facebook vulnera...
2021-04-01 23:20:25 | Reads: 181
infosecwriteups.com
facebook
client
bypassed
2flogin
2ecom
Intigriti — XSS Challenge 0321
XSS with CSRF Bypass. The challenge announcement on Twitter. It was March and Intigriti published a new...
2021-04-01 23:20:06 | Reads: 293
infosecwriteups.com
intigriti
0321
onmousemove
webpage
mailto
Exploiting misconfigured OAuth to takeover accounts
Hi, in this writeup I will talk about two misconfigured OAuth flaws I found while looking for bugs,...
2021-03-31 14:17:35 | Reads: 147
infosecwriteups.com
attacker
client
victim
comdidn
supplying