unSafe.sh - Unsafe
Account Takeover (User + Admin) Via Password Reset
I’m Hemant Patidar, Final Year B.Tech - Civil Engineering Student at SRMIST, Chennai. A Civil Enginee...
2021-08-09 17:06:15 | Reads: 39
infosecwriteups.com
consecutive
attacker
12346
civil
hemant
Exploiting JWT to Account Takeover
Hey Cyberpunks, Ethical Kaps here, I’m back again with another powerful article. I hope you all are...
2021-08-09 17:06:12 | Reads: 56
infosecwriteups.com
kaps
hunt
hs256
till
grasp
What is BOLA? 3-digit bounty from Topcoder ($$$)
Hello everyone. This write-up will be about Broken Object Level Authorization (BOLA), which is #1 top...
2021-08-09 14:21:09 | Reads: 22
infosecwriteups.com
topcoder
bola
victim
security
pii
XXE in Public Transport Ticketing Mobile APP
This finding was another private bug bounty program. The scope of the target was a ticketing andr...
2021-08-09 14:12:30 | Reads: 66
infosecwriteups.com
payload
ssh
ticketing
passwdsince
curious
Gaining Access To GCP Of Google Stadia — 500$ Bounty
Introduction. First of all, I must admit that the story is a bit old. It took place in July 2019. At th...
2021-08-07 18:24:31 | Reads: 65
infosecwriteups.com
cloud
buckets
gcloud
github
identify
Cap-HTB| writeup, HackTheBox
This is my writeup for the ‘Love’ box found on HackTheBox. Nmap scan report for 10.10.10.245. Host is up...
2021-08-04 01:42:36 | Reads: 156
infosecwriteups.com
ssh
245
gobuster
b2
raft
Google Bug Bounty: $500 worth client-side DoS on Google Keep
A write-up about a Client-Side DoS on Keep that allowed me to block any user from accessing their ke...
2021-07-30 19:37:30 | Reads: 38
infosecwriteups.com
client
Ⱦs
23pm
rewarded
payload
Unauthenticated Access To MongoDB Database of Oracle Corporation
Hello everyone, today I will be talking about one of the critical bugs which I found in the Oracle C...
2021-07-30 18:34:39 | Reads: 38
infosecwriteups.com
stag
hall
database
fame
findomain
You will never be able to register or login at redacted.com
Hello, it’s me, Bikram Kharal from Nepal. I am an infosec learner and engineering student. Today I will be...
2021-07-30 18:34:29 | Reads: 28
infosecwriteups.com
username
limiting
clicked
hunt
bikram
My First Instagram Bug Bounty Report
Something is better than nothing, even if it is less than one wanted. Photo by Kvalifik on Unsplash. Ju...
2021-07-30 02:32:08 | Reads: 51
infosecwriteups.com
phones
him
telling
tabs
letter
How I could have hacked your medium account by phishing your FB, Twitter & Google credentials.
Hi there, Renganathan here. This write-up is about the vulnerability that I found on Medium which will...
2021-07-30 01:29:11 | Reads: 53
infosecwriteups.com
hall
fame
redirection
credited
humans
Breaking Application’s Logic to DOS Attack
Hey guys, recently I had found a bug which was fine enough to deserve this post. So, I thought of wri...
2021-07-25 19:46:35 | Reads: 65
infosecwriteups.com
idor
310
sequential
behaviour
network
Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm
I spoofed access to other people’s email in order to pre-steal user accounts before they are first r...
2021-07-23 17:36:59 | Reads: 82
infosecwriteups.com
facebook
digit
victim
validated
attacker
IDOR on API endpoints.
Hey guys, I’m here to share my recent finding on a website which pulls me to pen down my first post....
2021-07-23 17:35:57 | Reads: 89
infosecwriteups.com
2150
2nd
idor
educational
deletion
Pentesting iOS| Starting With iOS Emulator Corellium & Re-signing IPA
Corellium provided virtual iOS-based devices for individual accounts on our groundbreaking security...
2021-07-23 17:33:16 | Reads: 281
infosecwriteups.com
ipa
corellium
myriam
download
Exploiting XSS with Cool Tricks
Hey Cyberpunks, Ethical Kaps here, I’m back again with another powerful article. I hope you all are...
2021-07-20 17:23:11 | Reads: 134
infosecwriteups.com
stuffs
specifying
enjoyed
developers
OTP Bypass via Response Manipulation
Hello Hackers, hope you guys are doing well and hunting lots of bugs and dollars! Well, so for today I’m...
2021-07-20 02:08:47 | Reads: 168
infosecwriteups.com
otp
bypass
9999999999
paytm
mismatch
First Bug Bounty Ever : SQL Injection!
Hello there, I am Veshraj Ghimire all the way from Nepal. This is my first bounty write up. In this...
2021-07-17 02:55:09 | Reads: 157
infosecwriteups.com
database
jbscategory
excited
1st
subfinder
Power Of Recon: Easy Win (Vim Attack)
Hello there, I am Veshraj Ghimire all the way from Nepal. This is my second write up and in this wri...
2021-07-17 02:55:07 | Reads: 140
infosecwriteups.com
swp
wp
confused
informative
fearing
Logical Flaw Resulting Path Hijacking
Hello, amazing peoples, hope you are doing well, I am back with my new writeup. In this write-up, I...
2021-07-16 18:32:47 | Reads: 114
infosecwriteups.com
php
signup
username
signin
visiting