unSafe.sh - Unsafe
Exploiting OAuth authentication vulnerabilities Part II
Today I will show some techniques that can be used to exploit OAuth 2.0 and possibly allow an attack...
2022-9-4 02:9:53 | Reads: 35
infosecwriteups.com
attacker
client
linking
victim
validated
OAuth 2.0 (Introduction and Exploitation Part I) Explained By Hashar Mujahid
In this blog, I am going to explain how OAuth 2.0 works and what vulnerabilities can be raised if it...
2022-9-1 15:52:8 | Reads: 27
infosecwriteups.com
carlos
client
signup
security
Hack With SQL Injection Attacks! DVWA medium security — StackZero
This is a very practical article that, if you have the patience to read until the end, will teach yo...
2022-8-30 19:47:59 | Reads: 40
infosecwriteups.com
username
security
beautify
beautified
injection
SSRF — Exploitation 02
Successful Cyberattacks often start at the “Network Perimeter”. Now that we have covered the basics o...
2022-8-30 19:47:34 | Reads: 38
infosecwriteups.com
network
ssrf
ssrfs
cloud
responds
Bypassing Amazon WAF to pop an alert()
Hey everyone, it's been a while since I published anything. This time, I’ll be sharing how I bypassed...
2022-8-29 18:33:27 | Reads: 32
infosecwriteups.com
payload
bracket
arjun
wordpress
kxss
SSRF — The Server’s Loophole 01
Successful Cyberattacks often start at the “Network Perimeter”. As a company grows, it becomes increa...
2022-8-28 04:30:50 | Reads: 27
infosecwriteups.com
ssrf
network
attacker
perimeter
proxy
Server Side Template Injections Portswiggers Labs Walkthrough Part III
Hi, My name is Hashar Mujahid, Today we are going to solve some more SSTI labs from Portswiggers. If...
2022-8-28 04:30:19 | Reads: 49
infosecwriteups.com
carlos
payload
injection
setavatar
avatarlink
SSRF leads to access AWS metadata.
Hi Mates, I am Akash Patil (@skypatil98) from India. I am in the bug bounty field from the last 2.5...
2022-8-27 19:18:5 | Reads: 67
infosecwriteups.com
reducted
proxy
ssrf
throwing
attacker
$7000 Bounty, Web3 Bug Hunting, API Hacking, IDOR, Triggering XSS with emojis, XSS Flyer, and much…
2022-8-27 14:41:26 | Reads: 40
infosecwriteups.com
newsletter
kumar
web3
siddharth
corey
Sometimes times the best hack is no hack at all — $2900 Shopify Bug Bounty
Access control is key. Broken Access Control was listed by the Ope...
2022-8-26 15:58:17 | Reads: 31
infosecwriteups.com
elevation
0x50d
security
shopify
2900
Bypassing unexpected IDOR
Hello guys, I am back again with another writeup on my very recent bug finding on HackerOne Private...
2022-8-26 14:57:24 | Reads: 27
infosecwriteups.com
idor
attacker
intresting
victim
retire
Stored XSS using SVG file
Hey guys, hope you all are doing well. I am Bharat Singh a Security Researcher and bug hunter from I...
2022-8-26 14:56:52 | Reads: 31
infosecwriteups.com
bharat
graphics
hanging
quiet
security
Break the Logic: 5 Different Perspectives in Single Page (€1500)
Hello everyone. Today I’m going to talk about five different vulnerabilities that I found on a singl...
2022-8-26 14:55:59 | Reads: 15
infosecwriteups.com
residential
clicked
parents
household
burp
This SIMPLE trick will exploit image uploads - $2500 TikTok bug bounty.
Stored XSS in SVG files. Summary: Cross-site S...
2022-8-25 19:22:10 | Reads: 34
infosecwriteups.com
payload
sinayeganeh
graphics
ghostlulz
stroke
Server Side Template Injections Portswiggers Labs Walkthrough.
SSTI. Hi, my name is Hashar Mujahid. Today we are going to solve some labs regarding server-side templa...
2022-8-25 18:19:38 | Reads: 38
infosecwriteups.com
preferred
tornado
payload
injection
morale
Cool Recon techniques every hacker misses!
Welcome to this article! This article is about some cool recon techniques every hacker misses! Tight...
2022-8-25 18:18:46 | Reads: 32
infosecwriteups.com
subdomain
nrich
naabu
favicon
meg
Break the Logic: Insecure Parameters (€300)
Hello everyone. Today, I’m going to talk about two minor vulnerabilities based on insecure parameter...
2022-8-24 21:6:31 | Reads: 26
infosecwriteups.com
approved
bypassing
tick
burp
entered
First Bug Bounty from DOS: Taking the service down
Hello friends, This is Faique, a security researcher & an ethical hacker from India, and this is a j...
2022-8-22 19:14:36 | Reads: 25
infosecwriteups.com
hunt
newbie
tips
trouble
hunters
Account takeover worth $1000
Hello everyone, I am Faique a bug bounty hunter from India and I welcome you to my write-up on how I...
2022-8-22 19:14:21 | Reads: 22
infosecwriteups.com
security
github
invite
repeater
IW Weekly #17: $30,000 Bounty, Instagram Account Takeover, AWS Security Series, Google…
2022-8-18 16:18:8 | Reads: 21
infosecwriteups.com
newsletter
nithin
github
kumar