unSafe.sh - Unsafe
IW Weekly #16: AWS Vulnerability, Threat Hunting, Reflected XSS, Pentesting Resource, Command…
2022-08-16 15:10:54 | Reads: 29 | infosecwriteups.com
Tags: newsletter, security, singh, ambassadors
Salesforce bug hunting to Critical bug
Or how I learned that some bugs are truly rare. Ah, yes, third party is 9 out of 10 times out of scope...
2022-08-15 19:36:05 | Reads: 31 | infosecwriteups.com
Tags: salesforce, aura, p4, bbp, p3
Irremovable guest in facebook event — Facebook bug bounty
Hello Everyone, This is Rajiv Gyawali from Butwal, Nepal. This is a story of one of my findings on fa...
2022-08-15 18:34:42 | Reads: 18 | infosecwriteups.com
Tags: facebook, writeups, fb4a, rajiv
Server Side Template Injections By Hashar Mujahid.
In this blog, we are going to learn about what server-side template injections are and how they work...
2022-08-13 15:49:06 | Reads: 26 | infosecwriteups.com
Tags: injection, ssti, attacker, erb, morale
Stored XSS to Account Takeover : Going beyond document.cookie (Dumping IndexedDB)
Introduction. Hi, I am Syed Mushfik Hasan Tahsin aka SMHTahsin33, an 18 Y/O Cyber Security Enthusiast f...
2022-08-09 23:04:05 | Reads: 29 | infosecwriteups.com
Tags: indexeddb, objectstore, onsuccess, payload
Enterprise: Active Directory Room From TryHackMe By
You just landed in an internal network. You scan the network and there's only the Domain Controller…...
2022-08-08 01:04:13 | Reads: 45 | infosecwriteups.com
Tags: nmap, thm, github, winpeas, payload
How I was able to get 29 free products. | Bug Bounty
First of all, what is a race condition? A race condition occurs when two or more threads can access sh...
2022-08-06 14:21:05 | Reads: 37 | infosecwriteups.com
Tags: quantity, idor, basket, baeldung, transferred
Another day, Another IDOR vulnerability— $5000 Reddit Bug Bounty
Gaining unprivileged access to Reddit moderator logs. Here we go. Agai...
2022-08-06 13:22:32 | Reads: 47 | infosecwriteups.com
Tags: subreddit, reddit, moderator, idor, hackerone
This is how he could hijack Reddit accounts with just ONE click: a $10,000 bug bounty
Exploring Frans Rosén's bypass of OAuth security. Hijacking a random user's account can be a dream goa...
2022-08-04 19:34:03 | Reads: 53 | infosecwriteups.com
Tags: rosén, attacker, reddit, victim, hijacking
Abusing URL Shorteners for fun and profit
Hello Security Researchers. Have you ever encountered a bug where...
2022-08-03 20:44:35 | Reads: 24 | infosecwriteups.com
Tags: shortners, cr, ato, 301, logins
Multiple bugs in one program leads to 1500€
Hi, today I'm going to talk about three basic vulnerabilities that I discovered in the same program...
2022-08-03 20:44:21 | Reads: 30 | infosecwriteups.com
Tags: client, missions, caught, mission, attackers
Is CSRF really dead? Examining Stripe's $5000 CSRF bug bounty.
Testing for CSRF can be worth it. CSRF (pronounced sea-surf hehe), or rather client-side request forg...
2022-08-02 18:50:50 | Reads: 25 | infosecwriteups.com
Tags: stripe, attacker, client, security, rewarded
Zero-day XSS
Indian Railways. Hello Cyber Security Enthusiast. I'm back again with another article of XSS. In this...
2022-08-01 14:27:00 | Reads: 66 | infosecwriteups.com
Tags: popup, indian, remote, injection, inject
Why this EASY vulnerability resulted in a $20,000 bug bounty from GitLab
The hidden dangers of numerical IDs. Web applications have so many different objects, and it's importa...
2022-08-01 14:24:18 | Reads: 23 | infosecwriteups.com
Tags: gitlab, saltyyolk, attacker, numerical, idor
This SIMPLE vulnerability in Shopify earned a $2500 bug bounty
Don't forget to check for user access rights. One of the most common vulnerabilities occurs when a user...
2022-08-01 14:24:05 | Reads: 24 | infosecwriteups.com
Tags: zambo, hackerone, shopify, craiyon
GSuite domain takeover through delegation
It is not rare for a modern web application to have OAuth integrations, each of them requires specif...
2022-07-30 16:38:16 | Reads: 33 | infosecwriteups.com
Tags: gsuite, cloud, behalf, delegation, security
How this team accidentally found a SSRF in Slack exposing AWS credentials! A $4000 bug bounty
Complex libraries lead to hidden attack vectors. This is an inspiring story for all bug bounty hunters...
2022-07-29 19:51:51 | Reads: 26 | infosecwriteups.com
Tags: libreoffice, ole, brett, spreadsheet, epfs
Why this SIMPLE mistake earned a $5000 bug bounty from Reddit
Moral of the story — be careful when you refactor code. Refactoring code is commonplace, especially a...
2022-07-28 16:04:48 | Reads: 17 | infosecwriteups.com
Tags: reddit, bisesh, approved, approval, security
How a Race Condition made these crypto hackers $5000 bug bounty
Moral of the story — test concurrent requests. I wrote about race conditions in a previous article tit...
2022-07-27 15:22:45 | Reads: 284 | infosecwriteups.com
Tags: starport, github, alice, faucet, hackerone
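Both race-condition entries in this listing (the "29 free products" basket bug and the Starport faucet bounty) describe the same check-then-act pattern: a "has this user already claimed?" read and the "mark as claimed and credit" write are two separate steps, and requests that arrive in the gap all pass the check. The example below is added here to illustrate that pattern and its fix; it is not code from either article. The faucet, the user name "alice", the credit amount and the simulated database latency are constructed assumptions, and an in-process dictionary stands in for the backend so the demo runs offline.

```python
"""Race-condition demo: a one-time faucet/coupon redemption implemented as a
read followed by a separate write, versus the same logic made atomic.

Constructed example. The faucet, user, amount and latency are assumptions
standing in for a web endpoint backed by a database.
"""
import threading
import time


class VulnerableFaucet:
    """Check-then-act with a window between the read and the write.

    time.sleep() stands in for the round trip between the SELECT that reads
    the claims table and the UPDATE/INSERT that records the claim. Every
    request whose read lands inside that window sees "not redeemed" and
    credits the account again. Python's GIL does not help: sleep (like real
    I/O) releases it, so the other requests run their check meanwhile.
    """

    def __init__(self, window=0.05):
        self.redeemed = {}   # user -> bool   (the "claims" table, constructed)
        self.balance = {}    # user -> amount (the "accounts" table, constructed)
        self.window = window

    def redeem(self, user, amount):
        if self.redeemed.get(user):          # 1. read: already claimed?
            return False
        time.sleep(self.window)              # 2. simulated DB latency (assumption)
        self.redeemed[user] = True           # 3. write: too late, others passed step 1
        self.balance[user] = self.balance.get(user, 0) + amount
        return True


class SafeFaucet(VulnerableFaucet):
    """Same logic, but read and write happen under one lock, so the check and
    the update form a single compare-and-set. The backend equivalents are a
    unique constraint on (user, faucet), or UPDATE ... WHERE redeemed = false
    with the affected-row count checked, or a row lock inside one transaction.
    """

    def __init__(self, window=0.05):
        super().__init__(window)
        self._lock = threading.Lock()

    def redeem(self, user, amount):
        with self._lock:
            return super().redeem(user, amount)


def fire_concurrent(faucet, user="alice", amount=10, n=20):
    """Send n identical redeem requests at the same instant (what a tester
    does with a synchronized batch from Burp/Turbo Intruder) and return how
    many the faucet accepted. A correct endpoint accepts exactly one."""
    start = threading.Barrier(n)              # release all workers together
    results = []
    results_lock = threading.Lock()

    def worker():
        start.wait()
        ok = faucet.redeem(user, amount)
        with results_lock:
            results.append(ok)

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


if __name__ == "__main__":
    vuln = VulnerableFaucet()
    print("vulnerable: accepted", fire_concurrent(vuln), "of 20, balance", vuln.balance)
    safe = SafeFaucet()
    print("safe:       accepted", fire_concurrent(safe), "of 20, balance", safe.balance)
```

With a 50 ms window the vulnerable faucet typically accepts all 20 requests and credits alice 200 instead of 10; the locked version accepts exactly one. The same harness applies to any "decrement quantity", "apply coupon once" or "transfer balance" endpoint: fire the batch, then compare the server-side state against what a single request should have produced.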
IW Weekly #11: Hacking Nginx, eJPT2.0, Free Hacking Resources, OWASP API, and more
2022-07-26 19:06:06 | Reads: 33 | infosecwriteups.com
Tags: newsletter, mx, amazing, musana, weekend