unSafe.sh - Unsafe
Not Applicable: Homograph Attack via Whatsapp Status
The IDN (Internationalized Domain Name): https://fаcebook.com/ is a homograph for the Latin https://x...
2021-05-23 18:04:12 | Views: 156
infosecwriteups.com
punycode
homograph
fаcebook
bugzilla
facebook
All about Information disclosure
Hello Hackers, Hope you guys Doing well and hunting lots of bugs and Dollars! Well, let’s start and l...
2021-05-23 17:47:13 | Views: 174
infosecwriteups.com
hackerone
username
dorking
reveal
Apple Bug bounty writeups XSS(2021)
https://hackerone.com/kamikaze?type=user Get apple’s reachable host from censys.io Search query: 17.0....
2021-05-23 15:45:14 | Views: 324
infosecwriteups.com
censys
reachable
github
apple3
payload
OWASP Top 10: 1-Injection
When OWASP talks about injection flaws it’s referring to flaws that allow for anything ranging from l...
2021-05-23 15:44:13 | Views: 216
infosecwriteups.com
injection
developer
database
sanitize
windows
Finding my First Critical Web Cache Poisoning
Hey Fam! Hope you and your family are doing well amid this pandemic. This story is about the approac...
2021-05-22 00:10:05 | Views: 158
infosecwriteups.com
poisoning
miner
identify
burp
attacker
Third-Party Apps were still getting your private Facebook data even after their access expiry.
…Hello; I am Samip Aryal from Nepal and this writeup is about a vulnerability where access of Third-...
2021-05-22 00:09:35 | Views: 415
infosecwriteups.com
facebook
friend
userb
usera
expired
Exploiting Activity in medium android app
Hello friends I am Raju Kumar A.k.a Mrcyberwarrior. Let’s come to the story, I found vulnerabilities...
2021-05-22 00:09:20 | Views: 162
infosecwriteups.com
attacker
jadx
Writeups: Facebook Whitehat program(2021): Instagram Live setting bug
Instagram live’s archived setting turns on automatically after IG user ends live video even if IG us...
2021-05-20 22:58:57 | Views: 141
infosecwriteups.com
ig
creator
ends
ended
archived
RECON FOR DUMMIES
Hey everyone, I hope you all are doing good. Now as I said I will be writing about creating my own r...
2021-05-20 13:52:03 | Views: 180
infosecwriteups.com
reconftw
waybackurls
linkfinder
httprobe
subdomain
How to bypass encryption mechanism in Android apps
Original artwork by raywenderlich.com Hi Folks, hope you are well. As you know developers and pentest...
2021-05-17 22:25:39 | Views: 210
infosecwriteups.com
encryption
decrypted
b3nac
ciphertext
apk
Uncle Rat’s (Almost) Full Guide To XXE
XXE is one of my favourite attack types because it’s usually hidden below a surface level concealmen...
2021-05-17 17:47:33 | Views: 260
infosecwriteups.com
xlink
postalcode
hacktricks
ofcourse
0content
Broken Authentication: It’s Not What You Think Is!
The OWASP Definition of broken authentication goes very deep and while this is not usually a problem...
2021-05-17 17:47:25 | Views: 114
infosecwriteups.com
passwords
attacker
security
hunters
Pentesting ISP 101 | How I hacked & fixed My ISP
This blog is about the misconfiguration issue in the ISP I was using. While working on Shodan, I dis...
2021-05-17 04:21:53 | Views: 185
infosecwriteups.com
modem
sweep
nmap
routers
victim
Complex OPEN REDIRECT Exploitation
Hi readers, I wrote about my first unique open redirect vulnerability in my previous write-up. You ca...
2021-05-17 04:21:29 | Views: 172
infosecwriteups.com
shop
stage
xxxxxxxxxxx
username
escalating
Insecure Deserialization: It’s super hard! Or is it?
Insecure deserialisation is often seen as a very hard vulnerability type but it doesn’t have to be....
2021-05-17 04:21:14 | Views: 202
infosecwriteups.com
php
portswigger
serialized
carlos
isloggedin
2FA Bypass via Forced Browsing
Photo from avinetworks.com Hi readers! I am Akhil, a student and Bug Bounty hunter. Today I would like...
2021-05-16 20:09:10 | Views: 159
infosecwriteups.com
signup
otp
forced
akhil
account6
Abusing Two Factor Authentication
Two-Factor Authentication (2FA) is sometimes called multiple-factor authentication. … Adding one mor...
2021-05-16 17:48:23 | Views: 145
infosecwriteups.com
otp
burp
bypass
leaking
Injecting Punycode URL Within the Arbitrary Text via Comment Box In Google Photo Sharing Option
HTML injection is a type of injection vulnerability that occurs when a user is controlling an input...
2021-05-16 17:46:00 | Views: 164
infosecwriteups.com
punycode
attacker
inject
d0
injection
Stored XSS to Organisation Takeover
TL;DR: This is a writeup about how I did an Organisation takeover on one of the leading VoIP compani...
2021-05-16 17:45:12 | Views: 195
infosecwriteups.com
payload
getitem
s1600
burp
My bug bounty journey. The mind of a middle-class boy who wanted everything for free.
Hello everyone, My name is Vivek. I am currently working as a software developer in a private company...
2021-05-13 18:30:11 | Views: 163
infosecwriteups.com
developer
airtel
microsoft
software
excited