unSafe.sh - Unsafe
How I made it to Google HOF?
Heyyy Everyoneeee, I know it’s been a quite long time since I shared any of my findings sorry about t...
2021-03-22 22:56:18 | Views: 240
infosecwriteups.com
idor
appid
appsheet
vrp
replied
IDOR that allowed me to takeover any users account.
Hello all! My name is Vedant, also known as Vegeta (on Twitter). I’m a cybersecurity enthusiast, comp...
2021-03-22 16:29:36 | Views: 193
infosecwriteups.com
payload
clicked
idor
visited
How I hacked Facebook: Part Two
This article was previously revised by multiple parties before releasing it, and I had to get writte...
2021-03-20 00:20:50 | Views: 519
infosecwriteups.com
facebook
ssrf
aspxauth
network
Business Logic Error on Registration Leads to SMS Validation Bypass
Hello, fellow hunters. It is time for another write-up. It was basically a business logic error whic...
2021-03-11 06:11:04 | Views: 239
infosecwriteups.com
username
enters
redirected
burp
Chain of Low Level Bugs and Misconfigurations Leads to Account Takeover
Hello, fellow hunters. I am going to tell you a tale about one of my recent findings in which I was...
2021-03-10 19:21:27 | Views: 257
infosecwriteups.com
payload
btoa
fired
bypass
26sol
How I Found Blind XSS On Flipkart
Hello Everyone… I hope you all are doing well. This write-up about Flipkart Cross-Site-Scripting Vu...
2021-03-10 18:29:28 | Views: 273
infosecwriteups.com
flipkart
payload
hall
lohigowda
security
Somebody Call the Plumber, GraphQL is Leaking Again…
Hello Everyone, I have a story for you today. It primarily will be about a GraphQL vulnerability I w...
2021-03-10 01:14:02 | Views: 235
infosecwriteups.com
bugcrowd
payout
facebook
monday
Exploiting HTTP Request Smuggling (TE.CL): XSS to website takeover
Even though HTTP Request Smuggling was documented back in 2005, it is still one of the least known We...
2021-03-09 23:46:15 | Views: 261
infosecwriteups.com
intruder
turbo
burp
payload
Bigbasket Bug Bounty Writeup
Bigbasket Bug Bounty. This is my first write-up. I am Lohith Gowda M (Security Engineer). Due to covid-...
2021-03-09 20:03:09 | Views: 265
infosecwriteups.com
backup
allowbackup
basket
security
tue
How I Got Access Dunzo Internal Dashboard
Hello Everyone! This write-up about Dunzo Sensitive Information Disclosure Vulnerability. The vulnerab...
2021-03-09 19:46:54 | Views: 268
infosecwriteups.com
dunzo
subdomain
tue
mon
lohigowda
How I was able to bypass the subscription plan of a famous regional e-paper web application by…
My Wife was looking for a job as a teacher. One day she told me that she needs this particular newsp...
2021-03-09 03:11:34 | Views: 219
infosecwriteups.com
trial
burp
wife
buying
usertype
Leveraging Template injection to takeover an account.
Hi, I am back again with an interesting writeup, this is about a template injection bug I reported t...
2021-03-08 14:39:25 | Views: 219
infosecwriteups.com
customized
attacker
injection
csti
greeting
THE INVINCIBLE KID
…This short write-up is about a vulnerability in Facebook Lite that allowed anyone to be invincible...
2021-03-05 21:39:36 | Views: 253
infosecwriteups.com
kid
facebook
victim
attacker
guardian
Bragging Rights: Killing File uploads softly
Hi buddies, I hope you all are doing great and breaking internet on regular basis. I have started ha...
2021-03-01 09:50:53 | Views: 227
infosecwriteups.com
00000
accepting
synack
searched
Grafana Admin Panel bypass in Google Acquisition (VirusTotal)
I started with usual subdomain recon of a google acquisition (VirusTotal). This time I used an online s...
2021-02-28 03:54:57 | Views: 254
infosecwriteups.com
subdomain
username
acquisition
visited
signup
OAuth Misconfiguration Leads to Full Account takeover
Hi Every one, My name is Yasser (AKA Neroli in CTF’s) and I wanted to share this Finding with you :)...
2021-02-28 03:54:52 | Views: 225
infosecwriteups.com
linking
staticid
popup
him
ups
Password Reset Token Leak via X-Forwarded-Host
Hi everyone, I am Saajan Bhujel. Student of Bachelor of Commerce (B.Com) and also I am a Bug Bounty Hun...
2021-02-28 03:54:44 | Views: 275
infosecwriteups.com
victim
ngrok
hackerone
malicious
saajan
Intro to Bug Bounty Automation (pt.2)
Okay, so Slack can’t actually perform port scans! However, it can act as a communication channel to...
2021-02-26 04:49:09 | Views: 212
infosecwriteups.com
remote
monitoring
nmap
slackexec
alternate
RCE on a Laravel Private Program
The recent Laravel CVE enables remote attackers to exploit a RCE flaw in websites using Laravel. I’v...
2021-02-21 08:37:37 | Views: 221
infosecwriteups.com
ignition
php
database
meg
attackers
FROM AWS S3 MISCONFIGURATION TO SENSITIVE DATA EXPOSURE
Often companies deploy third-party applications to store various m...
2021-02-19 21:15:21 | Views: 216
infosecwriteups.com
buckets
bucketaws
resumes
amazonaws
uncommon