unSafe.sh - Unsafe
Unauthenticated Account Takeover Through HTTP Leak
I used the “app” keyword in place of the application name as it was a private program. While testing a forget p...
2020-11-20 04:37:40 | reads: 249 | medium.com
Tags: attacker, emailbody, victim, sanitized, injection
CVE-2020-24723
Tale of Stored XSS Leads to admin account takeover. Mayur Parmar, Nov 17 · 2 min read. CVE: https://cve.mit...
2020-11-19 19:34:03 | reads: 272 | medium.com
Tags: th3cyb3rc0p, payload, phpgurukul, parmar
2FA Bypass On Instagram Through A Vulnerable Endpoint
This report is about the missing 2FA check on Instagram login when a user uses the ‘Secure account h...
2020-11-19 01:42:09 | reads: 296 | medium.com
Tags: victim, attacker, replaces, security
User’s private watched videos’ List, saved videos, etc.
This writeup is about a vulnerability exposing a user’s private watched videos list, saved videos, sha...
2020-11-18 18:37:15 | reads: 233 | medium.com
Tags: facebook, unlocking, watched, thursday, intruder
Javascript Files Recon
A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and...
2020-11-18 01:58:23 | reads: 342 | medium.com
Tags: nutshell, publication, hackrew, ups, bounties
Automating XSS using Dalfox, GF and Waybackurls
2020-11-17 17:06:35 | reads: 853 | medium.com
Tags: testphp, gf, maintained, testxss
Optimizing Hunting Results in VDP for use in Bug Bounty Programs — From Sensitive Information…
As usual, I will try to release this write-up with two different approaches, which are: For those who...
2020-11-17 11:05:45 | reads: 225 | medium.com
Tags: tld, inshaallah, subdomain, jira
Getting Started with Penetration Testing and dealing with everyday Mood and Motivation
It’s all about the right Mindset and Consistency! I would assume you already know what Penetration Te...
2020-11-17 03:18:18 | reads: 337 | medium.com
Tags: hackthebox, vulnhubs, earn, hackerone
Attacking JSON Web Tokens (JWTs)
Forge the token to gain unauthorized access! Made by me :) JSON Web Token is commonly used for authori...
2020-11-16 22:14:17 | reads: 289 | medium.com
Tags: hs256, rs256, python3, jwks, payload
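The two forgeries this entry's tags point at (hs256, rs256, jwks) are the alg=none token and the RS256-to-HS256 key-confusion downgrade. The following added example, written for this listing and not taken from the linked article, builds both tokens with the standard library and runs them against a verifier that lets the token header pick the algorithm, then against one that pins the algorithm from server configuration. The public key PEM, the server secret and the claims are constructed stand-ins; no real RSA operation is performed, so the pinned verifier configured for RS256 simply rejects everything in this demo rather than falling back.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_segment(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(payload: dict, key: bytes) -> str:
    """Standard HS256 token: HMAC-SHA256 over header.payload with `key`."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = f"{encode_segment(header)}.{encode_segment(payload)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def forge_alg_none(payload: dict) -> str:
    """Attack 1: the header claims alg=none and the signature segment is empty."""
    header = {"alg": "none", "typ": "JWT"}
    return f"{encode_segment(header)}.{encode_segment(payload)}."


def forge_key_confusion(payload: dict, public_key_pem: bytes) -> str:
    """Attack 2: RS256 -> HS256 downgrade. The server's RSA *public* key is not
    secret (it is often published at a JWKS endpoint), so the attacker HMACs
    with its bytes; a verifier that lets the header choose the algorithm then
    uses that same public key as the HMAC secret and accepts the token."""
    return sign_hs256(payload, public_key_pem)


# Constructed stand-in for the server's RSA public key (assumption): only its
# bytes matter for the HMAC here, no RSA operation is performed in this demo.
PUBLIC_KEY_PEM = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAconstructed0000000000\n"
    b"-----END PUBLIC KEY-----\n"
)


def _split(token: str):
    parts = token.split(".")
    if len(parts) != 3:
        return None
    return json.loads(b64url_decode(parts[0])), parts


def verify_naive(token: str, key: bytes):
    """Vulnerable verifier: the 'alg' in the attacker-controlled header decides
    how `key` is used (how several early JWT libraries behaved when the caller
    pinned no algorithm). Returns the claims on success, None otherwise."""
    parsed = _split(token)
    if parsed is None:
        return None
    header, (h, p, s) = parsed
    alg = header.get("alg")
    if alg == "none":
        return json.loads(b64url_decode(p))  # unsigned token accepted as-is
    if alg == "HS256":
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(s)):
            return json.loads(b64url_decode(p))
        return None
    # RS256 would need an RSA library; this stand-alone demo only exercises
    # the two downgrade paths above.
    return None


def _hs256_check(key: bytes, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(hmac.new(key, data, hashlib.sha256).digest(), sig)


# Algorithms the hardened verifier knows how to run. RS256 is deliberately
# absent in this demo, so a server configured for RS256 rejects every token
# here instead of silently falling back to something weaker.
VERIFIERS = {"HS256": _hs256_check}


def verify_pinned(token: str, key: bytes, expected_alg: str):
    """Hardened verifier: the algorithm comes from server configuration and
    the token header must match it exactly before any crypto runs."""
    parsed = _split(token)
    if parsed is None:
        return None
    header, (h, p, s) = parsed
    if header.get("alg") != expected_alg or not s:
        return None
    check = VERIFIERS.get(expected_alg)
    if check is None or not check(key, f"{h}.{p}".encode(), b64url_decode(s)):
        return None
    return json.loads(b64url_decode(p))
```

The point the verifier contrast makes: the fix is not a blocklist of bad algorithm names but a positive pin, so that an unknown or unimplemented algorithm fails closed.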
CLICKJACKING TO OBTAIN LOGIN CREDENTIALS
Hey guys! Hope you all are doing fine. As I was approached by many community members asking to share...
2020-11-15 20:11:57 | reads: 275 | medium.com
Tags: guys, hijacking, persisted, attacker
What it takes to find bugs in bounties!
Hi fellow hackers, I hope you all are hunting on your favorite targets and finding bugs. Even if you...
2020-11-14 19:42:56 | reads: 267 | medium.com
Tags: burp, bounties, checklist, ssrf, vulns
Evading Filters to perform the Arbitrary URL Redirection Attack
The Arbitrary URL Redirection Attack is more popularly known as an Open Redirection attack, which is a...
2020-11-12 22:39:37 | reads: 315 | medium.com
Tags: redirection, validating, attacker, happening, 2899905732
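The tag 2899905732 is the decimal spelling of a dotted IPv4 address (172.217.12.196), one of the classic tricks for slipping a foreign host past a redirect filter. The added example below is not from the linked article; it puts two common weak filters (a string-prefix check and a hostname blocklist) next to a hardened validator, and runs a set of evasion payloads through all three. The trusted host trusted.example and the blocklist entry evil.com are assumptions for the demo.

```python
import ipaddress
import re
from urllib.parse import urlparse

TRUSTED_HOST = "trusted.example"  # assumed application host
BLOCKED_HOSTS = {"evil.com"}      # assumed blocklist used by the weak filter


def naive_prefix_is_safe(url: str) -> bool:
    """Weak filter 1: string prefixes. '/' is meant to allow relative paths,
    the https prefix is meant to allow the app's own origin."""
    return url.startswith("/") or url.startswith("https://" + TRUSTED_HOST)


def naive_blocklist_is_safe(url: str) -> bool:
    """Weak filter 2: deny known bad hosts and anything that looks like a
    dotted IP. It never normalises the host, so other IP spellings pass."""
    host = (urlparse(url).hostname or "").lower()
    return host not in BLOCKED_HOSTS and not re.fullmatch(r"\d+\.\d+\.\d+\.\d+", host)


def normalise_host(host: str) -> str:
    """Canonicalise the integer IP spellings browsers accept (decimal, hex)."""
    h = host.lower()
    try:
        if h.isdigit():
            return str(ipaddress.ip_address(int(h, 10)))
        if h.startswith("0x"):
            return str(ipaddress.ip_address(int(h, 16)))
    except ValueError:
        pass
    return h


def safe_redirect_target(url: str):
    """Hardened: parse first, then allow either a single-slash absolute path
    or an https URL whose exact (normalised) hostname is ours.
    Returns the target to redirect to, or None to fall back to a default."""
    p = urlparse(url)
    if p.scheme == "" and p.netloc == "":
        # Path-only value. Reject the scheme-relative forms (//host, /\host)
        # that browsers treat as a new authority.
        if url.startswith("/") and not url.startswith(("//", "/\\")):
            return url
        return None
    if p.scheme != "https":
        return None
    if p.username is not None or p.password is not None:
        return None  # https://trusted.example@evil.com
    if normalise_host(p.hostname or "") != TRUSTED_HOST:
        return None
    return url


# Constructed evasion payloads, each labelled with the trick it relies on.
EVASIONS = {
    "scheme-relative": "//evil.com/",
    "backslash variant": "/\\evil.com",
    "trusted host as prefix": "https://trusted.example.evil.com/",
    "userinfo": "https://trusted.example@evil.com/",
    "decimal IP": "http://2899905732/",
}


def evaluate_filters():
    """For each payload: (prefix filter verdict, blocklist verdict, hardened target)."""
    return {
        name: (naive_prefix_is_safe(u), naive_blocklist_is_safe(u), safe_redirect_target(u))
        for name, u in EVASIONS.items()
    }
```

Every payload gets past at least one of the two weak filters and none gets past the hardened validator; the decimal-IP case in particular only fails once the host is normalised before comparison.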
Chaining password reset link poisoning, IDOR+account information leakage to achieve account…
Mase289, Nov 10 · 3 min read. While assessing a target web application for impactful vulnerabilities, a...
2020-11-10 18:03:39 | reads: 228 | medium.com
Tags: victim, attacker, resettoken
Wacky XSS challenge with amazon (by bugpoc)
Hey, welcome to the write-up for the wacky XSS challenge. Throughout the write-up, I will try not to...
2020-11-10 16:36:47 | reads: 261 | medium.com
Tags: payload, bugpoc, wont, redir
Understanding & Exploiting: Cross-Site Request Forgery — CSRF vulnerabilities
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unintended actions...
2020-11-07 18:27:51 | reads: 277 | medium.com
Tags: victim, attacker, tied, accordance, referrer
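The defence this entry's tags hint at (a token tied to the session, plus a referrer check) is easier to reason about in code. The added example below is written for this listing, not taken from the linked article. It mints an anti-CSRF token as an HMAC over the session id and a nonce, so a token the attacker obtains for their own session does not verify under the victim's session, and it checks the Origin or Referer header as a second layer. The server secret, the site origin and the request dicts are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

SERVER_SECRET = b"constructed-server-secret-rotate-me"  # assumption: server-side secret
SITE_ORIGIN = "https://app.example"                     # assumption: our own origin


def issue_csrf_token(session_id: str) -> str:
    """token = nonce.HMAC(secret, session_id:nonce). Binding the MAC to the
    session id is what ties the token to the user: the attacker can only
    obtain tokens minted for the attacker's own session."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def csrf_token_valid(token, session_id: str) -> bool:
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def origin_ok(headers: dict) -> bool:
    """Defence in depth: a state-changing request must carry an Origin or
    Referer from our own origin. Missing both is rejected, not waved through."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    p = urlparse(src)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def authorize_state_change(request: dict) -> bool:
    """request is a constructed dict: {'session_id', 'headers', 'form'}.
    The session id stands for what the server resolves from the session cookie."""
    sid = request["session_id"]
    token = request["form"].get("csrf_token")
    return origin_ok(request["headers"]) and csrf_token_valid(token, sid)


def attacker_cross_site_request(victim_session_id: str) -> dict:
    """What a forged POST from the attacker's page looks like server-side: the
    browser attaches the victim's cookie (hence the victim's session id), but
    the attacker can only fill the form with values they know, such as a token
    minted for their own session. The browser also sets Origin to the
    attacker's page."""
    return {
        "session_id": victim_session_id,
        "headers": {"Origin": "https://evil.example"},
        "form": {"csrf_token": issue_csrf_token("sess-attacker")},
    }
```

The session binding is what makes the token check hold even if the attacker's own token were somehow reused; the Origin check catches the forged request independently of the token.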
How to start Bug Bounty?
1. Scope domain: Finding roots (show in-scope targets (subdomains) in the bug bounty platform, like HackerO...
2020-11-06 03:51:02 | reads: 307 | medium.com
Tags: subdomain, github, subfinder, spiders
My First Bug Bounty Reward
The happiest moment for any hunter. What I did, a few strategies and resources to start with. Photo by...
2020-11-03 07:11:02 | reads: 271 | medium.com
Tags: facebook, crazy, subdomain, barely, mistake
Directory Fuzzing
Let Python automate your work! Image by c0d3x27, all rights reserved. When fuzzing a subdomain, you may...
2020-11-03 06:06:52 | reads: 386 | medium.com
Tags: subdomain, robots, urllib3
How I Did Full Account Takeover By Clickjacking
Hello everyone, today I am going to tell you how I went from Clickjacking to full account takeover, so...
2020-11-03 05:08:59 | reads: 315 | medium.com
Tags: invisible, malicious, unwittingly, hall
Identifying & Escalating HTTP Host Header Injection attacks
The purpose of the HTTP Host header is to help identify which back-end component the client wants to...
2020-10-31 04:16:17 | reads: 274 | medium.com
Tags: attacker, victim, wrapping, inject
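This entry and the earlier "Chaining password reset link poisoning ..." entry describe the same escalation path: an application that builds absolute URLs from the request's Host (or X-Forwarded-Host) header lets the attacker choose the domain in the victim's password reset email, and the reset token is leaked to that domain when the link is clicked. The added example below is written for this listing and is not code from either article. It shows the vulnerable link builder beside a hardened one that validates Host against an allow-list and builds the link from configuration, and a small detection pass over constructed access-log lines that flags reset requests arriving with an unexpected Host or X-Forwarded-Host. The canonical host app.example and the log format are assumptions.

```python
from urllib.parse import urlencode

CANONICAL_HOST = "app.example"    # assumed canonical host from server configuration
ALLOWED_HOSTS = {CANONICAL_HOST}


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Builds the link from the request's Host (or X-Forwarded-Host) header, so
    whoever submits the forgot-password form picks the domain in the email.
    The reset token then travels to that domain when the victim clicks."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host")
    return f"https://{host}/reset?{urlencode({'token': token})}"


def reset_link_hardened(headers: dict, token: str):
    """Validate Host against an allow-list (port stripped, case-folded), ignore
    X-Forwarded-Host entirely unless a trusted proxy is configured, and build
    the link from configuration rather than from the request.
    Returns None for an untrusted Host so the caller can refuse the request."""
    host = (headers.get("Host") or "").split(":", 1)[0].lower()
    if host not in ALLOWED_HOSTS:
        return None
    return f"https://{CANONICAL_HOST}/reset?{urlencode({'token': token})}"


# Constructed access-log sample (format is an assumption):
# <timestamp> <client-ip> <method> <path> host=<Host header> xfh=<X-Forwarded-Host or ->
SAMPLE_LOG = """\
2020-11-10T18:03:39Z 203.0.113.5 POST /forgot-password host=app.example xfh=-
2020-11-10T18:04:02Z 198.51.100.7 POST /forgot-password host=attacker.tld xfh=-
2020-11-10T18:04:40Z 198.51.100.7 POST /forgot-password host=app.example xfh=attacker.tld
2020-11-10T18:05:11Z 203.0.113.9 GET /login host=attacker.tld xfh=-
"""


def find_host_poisoning(log_text: str, path_prefix: str = "/forgot-password"):
    """Flags requests to the reset endpoint whose Host or X-Forwarded-Host is
    not on the allow-list. Returns (client_ip, host, xfh) tuples."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[3].startswith(path_prefix):
            continue
        fields = dict(f.split("=", 1) for f in parts[4:] if "=" in f)
        host = fields.get("host", "")
        xfh = fields.get("xfh", "-")
        if host not in ALLOWED_HOSTS or (xfh != "-" and xfh not in ALLOWED_HOSTS):
            hits.append((parts[1], host, xfh))
    return hits
```

The detection rule deliberately scopes to the reset endpoint: a stray Host value on an unauthenticated page is noise, but on the endpoint that mints tokens it is the signature of this attack.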