unSafe.sh - Unsafe
Why this EASY vulnerability resulted in a $20,000 bug bounty from GitLab
The hidden dangers of numerical IDs. Web applications have so many different objects, and it’s importa...
2022-8-1 14:24:18 | Views: 23
infosecwriteups.com
gitlab
saltyyolk
attacker
numerical
idor
This SIMPLE vulnerability in Shopify earned a $2500 bug bounty
Don’t forget to check for user access rights. One of the most common vulnerabilities occurs when a user...
2022-8-1 14:24:5 | Views: 24
infosecwriteups.com
zambo
hackerone
shopify
craiyon
GSuite domain takeover through delegation
It is not rare for a modern web application to have OAuth integrations, each of them requires specif...
2022-7-30 16:38:16 | Views: 33
infosecwriteups.com
gsuite
cloud
behalf
delegation
security
How this team accidentally found a SSRF in Slack exposing AWS credentials! A $4000 bug bounty
Complex libraries lead to hidden attack vectors. This is an inspiring story for all bug bounty hunters...
2022-7-29 19:51:51 | Views: 26
infosecwriteups.com
libreoffice
ole
brett
spreadsheet
epfs
Why this SIMPLE mistake earned a $5000 bug bounty from Reddit
Moral of the story — be careful when you refactor code. Refactoring code is commonplace, especially a...
2022-7-28 16:4:48 | Views: 17
infosecwriteups.com
reddit
bisesh
approved
approval
security
How a Race Condition made these crypto hackers $5000 bug bounty
Moral of the story — test concurrent requests. I wrote about race conditions in a previous article tit...
2022-7-27 15:22:45 | Views: 284
infosecwriteups.com
starport
github
alice
faucet
hackerone
IW Weekly #11: Hacking Nginx, eJPT2.0, Free Hacking Resources, OWASP API, and more
2022-7-26 19:6:6 | Views: 33
infosecwriteups.com
newsletter
mx
amazing
musana
weekend
Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP)…
Hi Everyone! Hope you all are doing well :) This article is about my recent finding of a mail server...
2022-7-26 17:6:11 | Views: 21
infosecwriteups.com
hellofax
dropbox
victim
fax
bbp
Un3xpected DoS Attack on Profile Pictur3
Hey Everyone, Hope y’all doing Great and aw3some! Okayyyy - First of all, I wanted to say everyone th...
2022-7-23 21:12:9 | Views: 21
infosecwriteups.com
php
writeups
weekly
bypass
I mean, IDOR is NOT only about others ID
Hi folks! In this write-up, I’m going to talk about the vulnerability I found to broaden your perspe...
2022-7-23 15:19:47 | Views: 21
infosecwriteups.com
bookmark
idor
weekly
encountered
The more predictable you are, the less you get detected — hiding malicious shellcodes via Shannon…
Recently I published a small PoC on GitHub about a way of hiding malicious shellcode in PE by lowering...
2022-7-22 18:42:19 | Views: 26
infosecwriteups.com
entropy
shellcode
payload
malicious
Good things takes time | Story of my first “valid” critical bug!
2022-7-19 13:15:27 | Views: 28
infosecwriteups.com
tld
ravendb
subdomain
database
8081
Hacking Facebook Invoice: How I could’ve bought anything for Free from Facebook Business Pages
…Samip Aryal, Nepal. This writeup is about how I found a way to basically tamper requests from Faceboo...
2022-7-19 13:13:12 | Views: 18
infosecwriteups.com
invoice
buyer
facebook
mcom
marking
Finding 0-days in Enterprise Application
A tale of ‘Site-wide Account Takeover’. Before we start with the technical part of the vulnerability i...
2022-7-18 02:17:17 | Views: 50
infosecwriteups.com
collecting
entered
engagement
FFUF-ing RECON, or how to get to P1–P3 from a slightly different recon
When it comes to recon, especially looking f...
2022-7-18 01:14:30 | Views: 34
infosecwriteups.com
ffuf
403
positives
vhosts
p3
Let’s talk about buffer overflow
A buffer overflow, or buffer overrun, occurs when more extra data is put into a fixed-length buffer...
2022-7-14 22:35:30 | Views: 25
infosecwriteups.com
overflow
behaviour
memory
overflows
unicodeuser
RouterSpace From Hackthebox
Android Exploitation and sudo Exploit. Hello Everyone I am Hac and today we will be doing Router space...
2022-7-10 04:32:24 | Views: 19
infosecwriteups.com
apk
unzip
ssh
dex2jar
analysis
Exposing Millions of Voter ID card user’s details.
Hi, Everyone. Hope you’re well. I’m Aziz. Through this write-up, I will share some security issues I...
2022-7-10 03:30:8 | Views: 34
infosecwriteups.com
voter
alphabets
otp
victim
seven
A swag for a Open Redirect — Google Dork — Bug Bounty
2022-7-3 23:48:36 | Views: 48
infosecwriteups.com
dorks
swag
2fwww
redirection
hackerone
OAuth Misconfiguration Leads To Pre-Account Takeover
Hello, Today I am going to share one of my interesting findings on the private program of Bugcrowd. S...
2022-6-30 00:41:4 | Views: 61
infosecwriteups.com
victim
signup
him
weekly