unSafe.sh - Not Secure
Detecting Log4j & its Remediation
This article is dedicated to log4j and how it’s being exploited in the wild b...
2022-9-12 19:26:59 | Views: 16
infosecwriteups.com
log4j
attackers
jndi
payload
cores
How I found 3 rare security bugs in a day
Hello everyone. Last week, I was waiting for test accounts to pentest a mobile application. So at thi...
2022-9-12 18:29:24 | Views: 21
infosecwriteups.com
travel
cheap
attacker
checker
New technique 403 bypass lyncdiscover.microsoft.com
Hi, I discovered a new technique to bypass 403 that I want to share with you. I have been working on th...
2022-9-12 18:29:1 | Views: 37
infosecwriteups.com
403
svc
bypass
abbas
forbidden
How to prevent more than 200 million users from using Google services
Hi Folks, when hunting in Google I found that Google owns this domain appsheet.com you can check this...
2022-9-12 18:27:40 | Views: 10
infosecwriteups.com
appsheet
portfolio
username
phishing
attacker
How I found 3 RXSS on the Lululemon bug bounty program
Hi everybody, today I will show you how a simple technique can lead you to find multiple serious vulner...
2022-9-10 14:24:34 | Views: 34
infosecwriteups.com
lululemon
omar
payload
gau
2fscript
OSINT Information Gathering with Informer
As everyone knows, information gathering in cyber security and ethical hacking is very important. The...
2022-9-8 12:25:3 | Views: 16
infosecwriteups.com
gathering
informer
python3
github
geo
Why broken access control is the most severe vulnerability
Imagine that your friend Bob creates a website, and you and Alice create an account...
2022-9-5 18:49:49 | Views: 32
infosecwriteups.com
alice
username
developer
friend
tamper
Exploiting OAuth authentication vulnerabilities Part II
Today I will show some techniques that can be used to exploit OAuth 2.0 and possibly allow an attack...
2022-9-4 02:9:53 | Views: 35
infosecwriteups.com
attacker
client
linking
victim
validated
OAuth 2.0 (Introduction and Exploitation Part I) Explained By Hashar Mujahid
In this blog, I am going to explain how OAuth 2.0 works and what vulnerabilities can be raised if it...
2022-9-1 15:52:8 | Views: 27
infosecwriteups.com
carlos
client
signup
security
Hack With SQL Injection Attacks! DVWA medium security — StackZero
This is a very practical article that, if you have the patience to read until the end, will teach yo...
2022-8-30 19:47:59 | Views: 40
infosecwriteups.com
username
security
beautify
beautified
injection
SSRF — Exploitation 02
Successful Cyberattacks often start at the “Network Perimeter”. Now that we have covered the basics o...
2022-8-30 19:47:34 | Views: 37
infosecwriteups.com
network
ssrf
ssrfs
cloud
responds
Bypassing Amazon WAF to pop an alert()
Hey everyone, it’s been a while since I published anything. This time, I’ll be sharing how I bypassed...
2022-8-29 18:33:27 | Views: 32
infosecwriteups.com
payload
bracket
arjun
wordpress
kxss
SSRF — The Server’s Loophole 01
Successful Cyberattacks often start at the “Network Perimeter”. As a company grows, it becomes increa...
2022-8-28 04:30:50 | Views: 27
infosecwriteups.com
ssrf
network
attacker
perimeter
proxy
Server Side Template Injections Portswiggers Labs Walkthrough Part III
Hi, my name is Hashar Mujahid. Today we are going to solve some more SSTI labs from Portswiggers. If...
2022-8-28 04:30:19 | Views: 49
infosecwriteups.com
carlos
payload
injection
setavatar
avatarlink
SSRF leads to access AWS metadata.
Hi Mates, I am Akash Patil (@skypatil98) from India. I am in the bug bounty field from the last 2.5...
2022-8-27 19:18:5 | Views: 67
infosecwriteups.com
reducted
proxy
ssrf
throwing
attacker
$7000 Bounty, Web3 Bug Hunting, API Hacking, IDOR, Triggering XSS with emojis, XSS Flyer, and much…
2022-8-27 14:41:26 | Views: 40
infosecwriteups.com
newsletter
kumar
web3
siddharth
corey
Sometimes times the best hack is no hack at all — $2900 Shopify Bug Bounty
Access control is key. Broken Access Control was listed by the Ope...
2022-8-26 15:58:17 | Views: 31
infosecwriteups.com
elevation
0x50d
security
shopify
2900
Bypassing unexpected IDOR
Hello guys, I am back again with another writeup on my very recent bug finding on HackerOne Private...
2022-8-26 14:57:24 | Views: 27
infosecwriteups.com
idor
attacker
intresting
victim
retire
Stored XSS using SVG file
Hey guys, hope you all are doing well. I am Bharat Singh, a Security Researcher and bug hunter from I...
2022-8-26 14:56:52 | Views: 31
infosecwriteups.com
bharat
graphics
hanging
quiet
security
Break the Logic: 5 Different Perspectives in Single Page (€1500)
Hello everyone. Today I’m going to talk about five different vulnerabilities that I found on a singl...
2022-8-26 14:55:59 | Views: 15
infosecwriteups.com
residential
clicked
parents
household
burp