unSafe.sh - Unsafe
Exploiting the Gaps in Password Reset Verification
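The article reveals a security flaw in a password reset flow. An attacker can exploit it to take over user accounts through an insecure token verification mechanism. ...
2025-6-3 05:18:22 | Views: 13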
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
security
leaking
curious
door
Exploiting the Gaps in Password Reset Verification
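The article reveals a security flaw in a password reset flow. An attacker can exploit it to bypass the verification mechanism and then take over user accounts. ...
2025-6-3 05:18:22 | Views: 10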
InfoSec Write-ups - Medium - infosecwriteups.com
security
bigger
limiting
unusual
silently
Top XSS POCs that made $50000
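The article shares XSS vulnerability cases found by top hackers and introduces methods and techniques for finding such flaws. Main points include: intercepting file upload requests (such as POST /upload_file in Burp Suite), checking whether the request lacks a CSRF token, and constructing a payload containing HTML and JavaScript code to carry out cross-site scripting (such as stealing cookies). ...
2025-6-3 05:18:13 | Views: 1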
InfoSec Write-ups - Medium - infosecwriteups.com
pocs
xhttp
3hello
ranked
it4chis3c
Top XSS POCs that made $50000
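The article describes an approach to earning bug bounties through XSS vulnerabilities, shares five unique POC cases found by top hackers, and explains in detail how to find vulnerable endpoints by intercepting file upload requests and checking for missing CSRF tokens, along with the concrete steps for using an XSS payload to steal a target's cookies. ...
2025-6-3 05:18:13 | Views: 11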
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
pocs
xhttp
earning
ranked
imagen
How to Start Bug Bounty with Zero Knowledge
2025-6-2 06:39:9 | Views: 17
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
How to Start Bug Bounty with Zero Knowledge
2025-6-2 06:39:9 | Views: 13
InfoSec Write-ups - Medium - infosecwriteups.com
OSWE Web Hacking Tips (IPPSEC): My Study Journey #1
2025-6-2 06:38:1 | Views: 15
InfoSec Write-ups - Medium - infosecwriteups.com
Learning YARA: A Beginner SOC Analyst’s Notes
2025-6-2 06:36:44 | Views: 17
InfoSec Write-ups - Medium - infosecwriteups.com
Tilde Games: Exploiting 8.3 Shortnames on IIS Servers
2025-6-2 06:36:35 | Views: 17
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
Tilde Games: Exploiting 8.3 Shortnames on IIS Servers
2025-6-2 06:36:35 | Views: 15
InfoSec Write-ups - Medium - infosecwriteups.com
$540 Bounty: How a Misconfigured Warning Endpoint in Apache Airflow Exposed DAG Secrets
2025-6-2 06:36:23 | Views: 18
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
$540 Bounty: How a Misconfigured Warning Endpoint in Apache Airflow Exposed DAG Secrets
2025-6-2 06:36:23 | Views: 15
InfoSec Write-ups - Medium - infosecwriteups.com
From Forgot Password to Forgot Validation: A Broken Flow That Let Me Take Over Accounts
2025-6-2 06:36:13 | Views: 14
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
From Forgot Password to Forgot Validation: A Broken Flow That Let Me Take Over Accounts
2025-6-2 06:36:13 | Views: 16
InfoSec Write-ups - Medium - infosecwriteups.com
From alert(1) to Real-world Impact: Hunting XSS Where Others Don’t Look
2025-6-2 06:35:56 | Views: 14
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
From alert(1) to Real-world Impact: Hunting XSS Where Others Don’t Look
2025-6-2 06:35:56 | Views: 14
InfoSec Write-ups - Medium - infosecwriteups.com
Bug Bounty from Scratch | Everything You Need to Know About Bug Bounty
2025-6-2 06:35:22 | Views: 16
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
Bug Bounty from Scratch | Everything You Need to Know About Bug Bounty
2025-6-2 06:35:22 | Views: 16
InfoSec Write-ups - Medium - infosecwriteups.com
My First P1
2025-6-2 06:33:48 | Views: 14
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
My First P1
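The author used iScan.today to find a GitHub token exposed in a script and confirmed after testing that it was valid. The token granted high privileges, and the author was able to access and clone two private repositories. ...
2025-6-2 06:33:48 | Views: 13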
InfoSec Write-ups - Medium - infosecwriteups.com
github
username
chatgpt
keyadmin
repos