unSafe.sh - Unsafe
WAF bypasses: Tearing down the wall
Source: Google. Before we go deep into the ACTUAL bypasses section, It’s really important to understan...
2021-08-14 00:12:11 | Reads: 30
infosecwriteups.com
wafs
bypass
payload
network
bypasses
How we was able to takeover whole organization via Privilege Escalation
me and my brother hacking the world with HTML. Hi everyone it’s Yasser again (AKA Neroli) My brother wa...
2021-08-14 00:12:07 | Reads: 29
infosecwriteups.com
database
brother
him
triagers
invitation
How I collected sensitive data from examination software?
Hey Guyz! I am back with a new vulnerability on a college website. Photo by Markus Spiske on Unsplash...
2021-08-13 03:26:19 | Reads: 25
infosecwriteups.com
admission
gave
college
victim
institution
Joining any class without the teacher’s invitation in Khan Academy
Hi There, Renganathan here...
2021-08-11 05:18:00 | Reads: 27
infosecwriteups.com
khanacademy
ups
nutshell
encounters
khan
GCP Inspector | Auditing Publicly Exposed GCP Bucket
Installation of GCP Inspector and basics about enumerating publicly exposed GCP buckets. While playin...
2021-08-11 05:17:33 | Reads: 30
infosecwriteups.com
gcp
gsutil
buckets
inspector
github
Bug bounty: Payment bypass using Response manipulation
Hi friends, It’s me Krishnadev P Melevila, After my first account takeover blog, I am back with a new...
2021-08-10 14:48:41 | Reads: 44
infosecwriteups.com
krishnadev
melevila
2021t04
attackers
istmy
P1: Easy Access to Grafana Dashboard
Hey folks, I’m here to share one of my old findings. In which accessed the grafana dashboard with de...
2021-08-09 17:06:26 | Reads: 26
infosecwriteups.com
hunters
subfinder
utilization
spider
attacker
Account Takeover (User + Admin) Via Password Reset
I’m Hemant Patidar, Final Year B.Tech - Civil Engineering Student at SRMIST, Chennai. A Civil Enginee...
2021-08-09 17:06:15 | Reads: 39
infosecwriteups.com
consecutive
attacker
12346
civil
hemant
Exploiting JWT to Account Takeover
Hey Cyberpunks, Ethical Kaps here, I’m back again with another powerful article. I hope you all are...
2021-08-09 17:06:12 | Reads: 56
infosecwriteups.com
kaps
hunt
hs256
till
grasp
What is BOLA? 3-digit bounty from Topcoder ($$$)
Hello everyone. This write-up will be about Broken Object Level Authorization (BOLA), which is #1 top...
2021-08-09 14:21:09 | Reads: 22
infosecwriteups.com
topcoder
bola
victim
security
pii
XXE in Public Transport Ticketing Mobile APP
This finding was an another private bug bounty program. The scope of the target was a ticketing andr...
2021-08-09 14:12:30 | Reads: 66
infosecwriteups.com
payload
ssh
ticketing
passwdsince
curious
Gaining Access To GCP Of Google Stadia — 500$ Bounty
Introduction: First of all, I must admit that the story is a bit old. It took place in July 2019. At th...
2021-08-07 18:24:31 | Reads: 65
infosecwriteups.com
cloud
buckets
gcloud
github
identify
Cap-HTB| writeup, HackTheBox
This is my writeup for the ‘Love’ box found on HackTheBox. Nmap scan report for 10.10.10.245 Host is up...
2021-08-04 01:42:36 | Reads: 155
infosecwriteups.com
ssh
245
gobuster
b2
raft
Google Bug Bounty: $500 worth client-side DoS on Google Keep
A write-up about a Client-Side DoS on Keep that allowed me to block any user from accessing their ke...
2021-07-30 19:37:30 | Reads: 38
infosecwriteups.com
client
Ⱦs
23pm
rewarded
payload
Unauthenticated Access To MongoDB Database of Oracle Corporation
Hello everyone, today I will be talking about one of the critical bugs which I found in the Oracle C...
2021-07-30 18:34:39 | Reads: 38
infosecwriteups.com
stag
hall
database
fame
findomain
You will never be able to register or login at redacted.com
Hello, It’s me Bikram Kharal from Nepal. I am infosec learner and engineering student. Today I will be...
2021-07-30 18:34:29 | Reads: 28
infosecwriteups.com
username
limiting
clicked
hunt
bikram
My First Instagram Bug Bounty Report
Something is better than nothing, even if it is less than one wanted. Photo by Kvalifik on Unsplash. Ju...
2021-07-30 02:32:08 | Reads: 51
infosecwriteups.com
phones
him
telling
tabs
letter
How I could have hacked your medium account by phishing your FB, Twitter & Google credentials.
Hi There, Renganathan here. This write-up is about the vulnerability that I found on Medium which will...
2021-07-30 01:29:11 | Reads: 52
infosecwriteups.com
hall
fame
redirection
credited
humans
Breaking Application’s Logic to DOS Attack
Hey guys, Recently I had found a bug which was fine enough to deserve this post. So, I thought of wri...
2021-07-25 19:46:35 | Reads: 65
infosecwriteups.com
idor
310
sequential
behaviour
network
Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm
I spoofed access to other people’s email in order to pre-steal user accounts before they are first r...
2021-07-23 17:36:59 | Reads: 82
infosecwriteups.com
facebook
digit
victim
validated
attacker