How I chained P4 To P2 [Open Redirection To Full Account Takeover] Hello everyone,I hope you are doing good. After a very long time I am back with a new article about... 2021-02-01 20:14:32 | 阅读: 242 | 收藏 | medium.com bugcrowd redirecturl injection redirection security

OTP login rate limit bypass- The easiest bug beginners could find. Hello friends,Today I am going to write about a vulnerability that may motivate some beginners who a... 2021-02-01 18:06:01 | 阅读: 277 | 收藏 | medium.com otp burp entering exceeded tampering

Bragging Rights(Part 1): Short story of a bug wave Hi my fellow hacker buddies, I hope you all are doing well. We have entered in a new year(finally) a... 2021-01-31 03:02:41 | 阅读: 280 | 收藏 | medium.com ssrf idor subdomain hardcoded username

Let’s know How I have explored the buried secrets in React Native application A new era in Android Reverse Engineering part-1Thanks for the huge response to my previous write-up.... 2021-01-29 05:05:41 | 阅读: 290 | 收藏 | medium.com reverse apk minified coded dex2jar

CRASH COURSE FOR FINDING SQL INJECTION IN WEBAPPS:PART 1 I agree manually finding SQL injection in web applications is difficult stuff and not easy to find.... 2021-01-28 19:21:50 | 阅读: 312 | 收藏 | medium.com database attacker injection username band

Business Logic Error Methodology (easy way) + PoC-s , or hacking the website’s functionality by editing HTML code on the flyI have found this type of bu... 2021-01-28 14:23:37 | 阅读: 230 | 收藏 | medium.com figuring buttons deleting lucky soft

Get paid by smuggling, the legal way The love story of Host Header Injection and HTTP Request SmugglingAs all of you smart and security-m... 2021-01-28 04:33:39 | 阅读: 233 | 收藏 | medium.com burp security

Hacking BugPoc’s 18 Game (XSS challenge) hosted by The XXS rat Why does my title say “Hacking” when it’s just an XSS challenge? Because I didn’t solve the challeng... 2021-01-21 18:19:16 | 阅读: 247 | 收藏 | medium.com pile winning bugpoc clicked opener

Site Defacement and Denial of Service via. Cross-Site Scripting Bypassing regex filtering in an Oracle product“Cross-site scripting (XSS) is perhaps the most well-k... 2021-01-21 05:40:37 | 阅读: 247 | 收藏 | medium.com payload ans client submission

[Bug Bounty] 600$ Info Disclosure: a token is not the same on all endpoints Hi y'all guys, I haven’t been writing for a long time as I focused more on bounties. Wanted to share... 2021-01-19 12:50:58 | 阅读: 224 | 收藏 | medium.com 2323 backup bypass

Exploiting Error Based SQL Injections & Bypassing Restrictions In this article, we will be learning how to escalate attacks when we are stuck with Error Based SQL... 2021-01-19 12:42:59 | 阅读: 443 | 收藏 | medium.com database injection 0aselect 2a 53elect

Guide to Bypassing MFA in 2020 As more applications and resources move to the cloud, organization’s are requiring multi-factor auth... 2021-01-13 05:37:14 | 阅读: 277 | 收藏 | medium.com bypass security bypassing client microsoft

eCPPTv2 Exam Review The penetration Testing domain has grown exponentially in the last couple of years and so the compet... 2021-01-13 02:34:48 | 阅读: 687 | 收藏 | medium.com pivoting overflow boxes remote

Finding bugs on Chess.com Finding vulnerabilities on the Chess.comHi hunters and folks, I’m a chess lover and almost use Chess... 2021-01-08 21:25:06 | 阅读: 317 | 收藏 | medium.com chess captcha disconnect hcaptcha solving

Hack crypto secrets from heap memory to exploit Android application Typically, There was no significant impact (in general the severity is low) for a Broken Cryptograph... 2021-01-08 21:24:56 | 阅读: 266 | 收藏 | medium.com hprof mat memory encryption heapdump

Yes. The Program Owner is correct at their place. Harsh Bothra·1 hour agoYes. The Program Owner is correct at their place. The issue described in this... 2021-01-07 19:12:18 | 阅读: 214 | 收藏 | medium.com victim agoyes bothra talks

The type of recon that you may skip on purpose, but this is why you shouldn’t , or why being too quick can lead to a false positiveI have a theory that this probably affects more... 2021-01-02 18:31:14 | 阅读: 240 | 收藏 | medium.com patience buttons reasonable worry burp

Facebook bug bounty (500 USD) : A blocked fundraiser organizer would be unable to view or remove… Hi All,This is a simple logical issue which I found in Facebook fundraiser feature. The blocking fea... 2021-01-01 05:53:25 | 阅读: 218 | 收藏 | medium.com victim fundraiser attacker organizer facebook

Breaking the Internet with Shodan: We love P1s! Hi my fellow hackers, my buddies! Welcome to my new blog! We are here, ending the year which we badl... 2020-12-31 21:35:54 | 阅读: 270 | 收藏 | medium.com dorks kibana ton putting dorking

Finding The Origin IP Behind CDNs Hello guys, It’s HolyBugx I started writing this after this tweet, as I saw many interested people w... 2020-12-31 06:22:25 | 阅读: 235 | 收藏 | medium.com historical favicon attackers security defenders