unSafe.sh - Unsafe
How I exploit the JSON CSRF with method override technique
CSRF (Cross-Site Request Forgery) is a kind of web application vulnerability, using this a malevolent...
2020-12-25 02:47:18 | Views: 270
medium.com
fortified
satisfied
2nd
behaviour
Facebook bug Bounty -Finding the hidden members of the private events.
Hi All, I am Vivek. This is about a bug that I found in the Facebook private events. I reported almos...
2020-12-23 14:28:24 | Views: 196
medium.com
facebook
victim
remembered
informative
How I hacked Facebook: Part One
I never found a vulnerability on one of Facebook subdomains, and I took a look at some writeups and...
2020-12-17 14:35:29 | Views: 258
medium.com
tapprd
facebook
okay
sso
Remote Sensitive Data Exposure over *.unesco.org, thanks to Options Bleed
Catching a low-hanging juicy fruit through Options Bleed. Date reported — 02–07–2019 # Vulnerable Softw...
2020-12-17 13:43:49 | Views: 216
medium.com
unesco
kerb
bleed
seemed
Intigriti’s December XSS Challenge 2020 (unintended solution)
Mozilla warning. My idea was to somehow compile a payload in the operation variable, so it gets execut...
2020-12-15 12:10:19 | Views: 260
medium.com
num1
num2
intigriti
1220
payload
Content-Security-Policy Bypass to perform XSS
Recently, I performed a Cross Site Scripting vulnerability, however a normal XSS payload wasn’t bein...
2020-12-15 12:10:09 | Views: 226
medium.com
payload
php
countdown
attacker
security
Identifying & Exploiting SQL Injection: Manual & Automated
In this article, we will start by Identifying the SQL Injection vulnerabilities & how to exploit the...
2020-12-13 16:35:50 | Views: 240
medium.com
database
sqlmap
fig
acuart
injection
Sensitive data exposure through GitHub: A deep dive into bug ocean
Hello my hacker buddies, I hope you all are doing great. Keep finding bugs and even if you are not f...
2020-12-10 03:35:02 | Views: 205
medium.com
dorks
github
dorking
repository
anyways
Chaining vulnerabilities lead to account takeover
In this write-up, I will explain how I was able to chain five vulnerabilities that lead to one link...
2020-12-05 09:50:33 | Views: 242
medium.com
leakage
client
weird
Applying the old school hacking to bug hunting
Or, documentation + source code = knowledge, profit(?) I’m a big fan of the old school approach to ha...
2020-12-02 09:46:43 | Views: 261
medium.com
jira
ffuf
wappalyzer
slashes
pfed
The YouTube bug that allowed unlisted uploads to any channel
It was late June when I received an invitation to test out a new product from YouTube: a video build...
2020-12-01 07:37:09 | Views: 264
medium.com
youtube
6e4b
unlisted
beca
Bcrypt — Account TakeOver Due To Weak Encryption — #HR51KDB
Hey Fellas! I hope you all are doing good and safe. Thank you so much for showing your interest in m...
2020-11-29 22:08:10 | Views: 288
medium.com
otp
bcrypt
otppassword
debcrypt
ato
Testing for Directory or Path Traversal Vulnerabilities
In this article, we’ll be discussing, how to perform Directory Traversal or Path Traversal attacks,...
2020-11-29 20:06:26 | Views: 330
medium.com
windows
testsite
sequences
slash
attacker
Reflected Cross Site Scripting on Private Program (Bounty:750$)
Hi guys, this is my first english write-up, so I’m sorry for my bad english grammar. Obviously, I dis...
2020-11-27 16:03:12 | Views: 271
medium.com
sorry
exploring
payload
blur
guys
Beginners Guide: VPS Setup for Bug Bounty Recon Automation
Hello, All. My name is Ranjan. I am a final year CS undergrad and a part-time bug bounty hunter. Due...
2020-11-25 19:22:28 | Views: 405
medium.com
ssh
cloud
username
bothra
How I Found The Facebook Messenger Leaking Access Token Of Million Users
Hi everyone, This blog is about how I found the Facebook Messenger iOS App Leaking Access Token Of Mi...
2020-11-23 09:30:29 | Views: 293
medium.com
facebook
messenger
burp
texted
leaking
The First Bounty Target (Disclosing Multiple Reports)
Hello, First of all, sorry for not posting for such a long period of time. I was really busy in this...
2020-11-22 07:22:41 | Views: 286
medium.com
burp
victim
posting
pii
ordered
Interesting case of SQLi
Hey everyone, didn’t get time this year to blog about my findings. But this one, I found around 2–3...
2020-11-22 05:18:43 | Views: 281
medium.com
bla
synack
youtube
invoicing
SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software
I omitted the application name as it was private program. While registering for an application, I hav...
2020-11-22 03:21:17 | Views: 321
medium.com
passwd
sessionid
wsdl
rrr
asd
Commenting on a post by opening it via page’s news-feed goes from a wrong actor (i.e.
This writeup is about an easy catch in Facebook Lite that led me to win a bug bounty from Facebook u...
2020-11-21 19:34:23 | Views: 306
medium.com
facebook
friday
wednesday
2020asked
saturday