unSafe.sh - Unsafe
The Invite That Lied: A Business Logic Flaw Hidden Behind LG’s Walls
A business logic flaw that let anyone redirect an invitation, create accounts under a stolen identit...
2026-5-25 09:7:49 | Views: 19
InfoSec Write-ups - Medium - infosecwriteups.com
invite
attacker
invited
invitation
testvictim
How I Found 2 Bugs on BBC’s Subdomains and Made It Into Their Hall of Fame
A real case study in hyperlink injection and SSTI & t...
2026-5-25 09:7:20 | Views: 23
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
bbc
injection
hyperlink
hall
How I Found 2 Bugs on BBC’s Subdomains and Made It Into Their Hall of Fame
A real case study in hyperlink injection and SSTI & t...
2026-5-25 09:7:20 | Views: 15
InfoSec Write-ups - Medium - infosecwriteups.com
bbc
injection
hyperlink
boring
Building Another Vulnerable Lab — SSRF.
The previous blog was something that some of you real...
2026-5-25 09:6:6 | Views: 15
InfoSec Write-ups - Medium - infosecwriteups.com
ssrf
3002
carstatus
frontend
MonitorsFour HTB — HackTheBox Walkthrough | By Alham Rizvi
Hello everyone, This is Alham Rizvi again, finally th...
2026-5-25 09:5:49 | Views: 15
InfoSec Write-ups - Medium - infosecwriteups.com
cacti
htb
jquery
Rejected but Rewarded — What a GraphQL Misconfiguration Taught Me About Bug Bounty Triage.
By kjulius. Responsible disclosure submitted. No mutati...
2026-5-25 09:5:9 | Views: 20
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
graphiql
sizepoc
triage
mutation
Rejected but Rewarded — What a GraphQL Misconfiguration Taught Me About Bug Bounty Triage.
By kjulius. Responsible disclosure submitted. No mutati...
2026-5-25 09:5:9 | Views: 21
InfoSec Write-ups - Medium - infosecwriteups.com
graphiql
sizepoc
triage
mutation
Dev Diaries TryHackMe Walkthrough
Task 1. Challenge. The room starts with a simple OSINT...
2026-5-23 08:19:29 | Views: 39
InfoSec Write-ups - Medium - infosecwriteups.com
github
marvenly
repository
subdomain
development
SSRF in APIs: How a Single URL Parameter Can Expose Internal Systems
A single misconfigured URL parameter can allow an attacker to abuse server-side requests and potenti...
2026-5-23 08:19:23 | Views: 26
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
ssrf
mechanic
attackers
outbound
SSRF in APIs: How a Single URL Parameter Can Expose Internal Systems
A single misconfigured URL parameter can allow an attacker to abuse server-side requests and potenti...
2026-5-23 08:19:23 | Views: 23
InfoSec Write-ups - Medium - infosecwriteups.com
ssrf
security
outbound
waiter
mechanic
Auth Mastery Part 1: Credential Types curl Handles
The server tells you exactly which auth scheme it wants. Most people never read that line.
2026-5-23 08:19:17 | Views: 18
InfoSec Write-ups - Medium - infosecwriteups.com
digest
realm
401
httpbin
How Hackers Are Manipulating AI Using Prompt Injection
Before We Begin Let’s Understand What Even Is AI? Artificial Intelligence, in the context we’re talki...
2026-5-23 08:18:50 | Views: 19
InfoSec Write-ups - Medium - infosecwriteups.com
magical
prompts
refers
claude
coherent
Ninja Skills — TryHackMe Walkthrough
Introduction. Some people skip rooms like this because...
2026-5-23 08:18:35 | Views: 21
InfoSec Write-ups - Medium - infosecwriteups.com
d8b3
bny0
x1uy
8v2l
v2vb
Poster TryHackMe Walkthrough | PostgreSQL Exploitation & Privilege Escalation
Introduction. In this walkthrough, I solved the Poster room from TryHackMe. The room focuses on Postgr...
2026-5-23 08:18:27 | Views: 24
InfoSec Write-ups - Medium - infosecwriteups.com
auxiliary
alison
searched
sizethe
database
A Simple Session Management Bug Every Beginner Bug Hunter Should Test.
By kjulius. When beginners start bug bounty hunting, mo...
2026-5-23 08:18:9 | Views: 18
InfoSec Write-ups - Medium - infosecwriteups.com
logout
sizepoc
beginner
continued
“Bug Bounty Bootcamp #38: SSRF Chaining — Bypassing Domain Whitelists with Open Redirects and PDF…
You found an SSRF, but the server only allows URLs from trusted.com. Game over? Not if trusted.com h...
2026-5-23 08:18:0 | Views: 19
InfoSec Write-ups - Medium - infosecwriteups.com
ssrf
whitelist
gate
whitelists
wall
Recon Isn’t Just Technical — It’s Psychological
2026-5-23 08:17:46 | Views: 22
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
humans
forgotten
stalk
yeah
weirdly
Recon Isn’t Just Technical — It’s Psychological
2026-5-23 08:17:46 | Views: 8
InfoSec Write-ups - Medium - infosecwriteups.com
humans
stalk
forgotten
panels
permanent
Finding & Exploiting Exposed Google API Keys for Bug $Bounties
Turn exposed Google API keys into real-world impact by accessing Gemini and other Google services fo...
2026-5-23 08:17:36 | Views: 21
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
gemini
validating
treated
assumed
Finding & Exploiting Exposed Google API Keys for Bug $Bounties
Turn exposed Google API keys into real-world impact by accessing Gemini and other Google services fo...
2026-5-23 08:17:36 | Views: 8
InfoSec Write-ups - Medium - infosecwriteups.com
gemini
automating
discovering
treated
assumed