unSafe.sh - Unsafe
CVE-2020–10965 : Unauthenticated Admin Password Reset
Hello folks, A vulnerability was identified in the default admin account’s Login/ResetAdminPassword f...
2023-3-24 23:45:43 | Views: 41
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
attacker
resets
Account Takeover Via Poising Forget Password Port in ASDA
Hi amazing researcher, Welcome to another review of the vulnerability discovery on ASDA. Today I wan...
2023-3-23 21:31:36 | Views: 34
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
attacker
poisoning
php
victim
dangling
Default Credentials on Sony- Swag Time
Hi Guys, Again I'm here to review another of my finding on the Sony program, This write-up is about...
2023-3-23 20:28:57 | Views: 22
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
sony
cidrs
asns
python
8443
Unauthorized Access To Admin Panel via Swagger
Hi guys, My name is Arman and you know me as M7arm4n. Today I want to talk about how I was able to a...
2023-3-23 20:28:51 | Views: 26
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
coca
swagger
cup
ffuf
cola
Zero Click To Account Takeover (IDOR + XSS)
Hello dear friends, This write-up is about one of my findings on BugCrowd’s programs that lead attac...
2023-3-23 20:28:46 | Views: 22
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
victim
idor
mi
Understanding CVE-2023–23397: The Microsoft Outlook Vulnerability You Need to Know About
undraw.co A critical vulnerability in Microsoft Outlook, CVE-2023–23397, has recently been identified...
2023-3-21 23:53:47 | Views: 31
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
microsoft
23397
malicious
security
sounds
Reflected XSS on Admin Login Page
Hi! I’m Aswin, security researcher and a penetration tester. Here we are discussing reflected XSS in a...
2023-3-21 23:52:59 | Views: 18
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
payload
attacker
a6
mirrored
aswin
A Game-Changing Tool for Bug Bounty Hunters and Security Researchers
https://github.com/projectdiscovery/nuclei In the ever-evolving landscape of cybersecurity, staying a...
2023-3-20 13:11:43 | Views: 12
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
nuclei
security
Stripe’s Two-Factor Authentication (2FA) Bypass
Hello Everyone, Two-factor authentication (2FA) is a particular kind of multi-factor authentication (...
2023-3-20 13:9:35 | Views: 30
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
attacker
stripe
security
Anatomy of a Reflected XSS: My Discovery on a Microsoft’s Subdomain
A few days ago, while browsing the website visualstudio.microsoft.com[1], I performed some tests on...
2023-3-17 17:33:30 | Views: 14
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
security
2nd
microsoft
encodings
regional
How I Got Free Travel on Namma Metro
As someone who uses public transportation regularly, I rely on it to get me where I need to go quick...
2023-3-17 17:32:13 | Views: 17
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
metro
namma
qr
passengers
lohigowda
Bypassing Character Limit — XSS Using Spanned Payload
Hello, I am Syed Mushfik Hasan Tahsin aka SMHTahsin33, an 18 Y/O Cyber Security Enthusiast from Bang...
2023-3-16 03:20:52 | Views: 20
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
popup
quotation
exfiltrate
payload
Zero to Hero: DOM XSS
This is the first blog of my series “Zero to Hero”. I am a beginner bug bounty hunter and have repor...
2023-3-14 19:23:12 | Views: 18
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
malicious
invader
waybackurls
victim
rgipt
How I Leak Other’s Access Token by Exploiting Evil Deeplink Flaw
Deep linking has become a crucial aspect of modern mobile app development, allowing for seamless nav...
2023-3-13 17:32:3 | Views: 20
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
deeplink
str4
c0965a
subredacted
str2
Subdomain takeover on open.itu.edu via Shopify
Hello everyone! This article was originally written around December of 2022. After writing the draft...
2023-3-13 16:8:48 | Views: 47
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
subdomain
itu
github
shopify
XXE with ChatGPT
Generate Custom XXE Payloads with AI. XXE (XML External Entity) is a type of vulnerability that allows...
2023-3-13 11:34:58 | Views: 93
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
xlsx
burp
payload
chatgpt
Hard-Coded credentials in Android app
In the Android, application it is a package called apk(android package kit), it is similar to a zip-...
2023-3-11 22:31:59 | Views: 19
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
apk
jadx
denny
apktool
Account Takeover: An Epic Bug Bounty Story
Hello Folks! I am back after a long time with an interesting (pre) Account Takeover bug and how I ch...
2023-3-11 08:16:48 | Views: 23
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
victim
attacker
username
otp
cyborj27
Bypassing Asymmetric Client Side Encryption Without Private Key
Keys. I recently wrote an article on how we can bypass client-side encryption. With the help of the Py...
2023-3-11 04:11:27 | Views: 23
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
encryption
burp
pycript
proxy
forge
ChatGPT for Bug Bounty: Faster Hunting and Reporting
Save Time, Learn Technical Skills, and Write Effective Reports with AI-Powered ChatGPT. If you’re new...
2023-3-11 03:29:55 | Views: 91
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
chatgpt
rewards
summarize
maximize
attacker