An Interesting Account Takeover! IDOR and weak encryption led to a Full account takeover.Hello, my fellow hackers. I am Mayank Pandey... 2021-12-20 19:52:51 | 阅读: 30 | 收藏 | infosecwriteups.com zlib php forged 40884692 reddit

Super Admin panel without Credentials As-Salaam-Alaikum.I am back with another writeup I hope you Guys are hunting and earning bounty. Thi... 2021-12-16 01:18:06 | 阅读: 23 | 收藏 | infosecwriteups.com subdomain vdp scrolling gospider burp

Accidental Bug leads to google honorable-mentions Hey fellow hackers and bug hunter’s,Story of my google hall of fameBug Name : Error message disclose... 2021-12-16 01:18:02 | 阅读: 22 | 收藏 | infosecwriteups.com onduo blahblah discloses hey 6am

Broken Link Hijacking — 404 Google Play Store— xxx$ Bounty 2021-12-15 15:02:50 | 阅读: 54 | 收藏 | infosecwriteups.com hackerone hijacking facebook developer

Another Admin panel As-Salaam-Alaikum.(Peace be upon you).I am back with another writeup I hope you Guys are hunting and... 2021-12-15 02:34:48 | 阅读: 16 | 收藏 | infosecwriteups.com isadmin burp 8content security

Root Me — TryHackMe Art of EscalationWelcome back amazing hackers in this blog I came with another interesting topic Roo... 2021-12-15 02:34:43 | 阅读: 33 | 收藏 | infosecwriteups.com php reverse python navigated firstly

How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes Hello all, hope you’re OK. Our journey today is about how I found multiple SQL Injections in a bug b... 2021-12-15 02:34:39 | 阅读: 180 | 收藏 | infosecwriteups.com php lowercase ffuf injections waybackurls

SQL Injection JR. Pentester -TryHackMe Hi, amazing hackers in this story you are gonna how to what is SQL injections and how to find them i... 2021-12-15 02:34:34 | 阅读: 214 | 收藏 | infosecwriteups.com database injection ans username martin

My mindset while hunting on Yandex and my SSRF Hey hunters!Another write-up talking about my mindset while hunting on a program with a new vulnerab... 2021-12-15 02:34:29 | 阅读: 107 | 收藏 | infosecwriteups.com yandex ssrf cloud intext proxy

A story about a not-so-direct SSRF Hi all, hope you are keeping well and staying safe. This blog is about my recent SSRF finding.Introd... 2021-12-15 02:34:25 | 阅读: 17 | 收藏 | infosecwriteups.com flask cloud ngrok supplying routes

Disrupting an Application’s Registration Process in 10 mins So as usual this writeup will be divided into three sectionsIntroduction.Vulnerability Description.S... 2021-12-15 02:34:20 | 阅读: 18 | 收藏 | infosecwriteups.com attacker karn username victim

Information disclosure via api misconfiguration As-Salaam-Alaikum (Peace be unto you)Hello, Amazing hackers My name is Rizwan Siddiqui I am a Bug Hu... 2021-12-13 19:07:34 | 阅读: 18 | 收藏 | infosecwriteups.com peace salaam siddiqui

How i was able to bypass Cloudflare WAF for SQLi payload Hi hackers and hunters!Cloudflare was a mistake for a lot of people they want to achieve critical vu... 2021-12-11 17:24:10 | 阅读: 1897 | 收藏 | infosecwriteups.com bypass bypassing payload injection datatype

Request Smuggling In Major Crypto Site  — road to disappointment Let me introduce myself since this is my first writing ever. At the beginning sorry if I make mistak... 2021-12-08 18:33:40 | 阅读: 13 | 收藏 | infosecwriteups.com f4 security beeceptor myself decimal

An Effective 5 min recon leads to a Hall of Fame Hi There,Renganathan Here, I’m an Ethical Hacker & a Security researcher.I’ve been acknowledged by L... 2021-12-08 18:15:46 | 阅读: 45 | 收藏 | infosecwriteups.com forticlient hall fame security username

A short story of Content Spoofing to HTML Injection in Apple using Dangling Markup Injection Rishu RanjanFollowOct 3 · 3 min readContent Spoofing is an injection in which user input is reflecte... 2021-12-08 17:04:12 | 阅读: 25 | 收藏 | infosecwriteups.com injection markup dangling errorkey

Just a click !! — Any unverified data submitted in behalf of your name #GoogleForms [Unpatched️] Disclaimer: This issue isn’t patched and I publish this write-up as a source of Information. I am no... 2021-12-08 16:52:22 | 阅读: 16 | 收藏 | infosecwriteups.com college vrp hiring recruiting gottcha

Bolt — TryHackMe let's get into the writeup, firstly deploy the machine after that making some Nmap scan to find the... 2021-12-08 16:25:18 | 阅读: 23 | 收藏 | infosecwriteups.com bolt username remote machine nmap

ByPass SSL Pinning with IP Forwarding | iptables If you wanna try, this is what we doing to bypass SSL Pinning in the mobile application.Creating And... 2021-12-08 15:14:08 | 阅读: 236 | 收藏 | infosecwriteups.com adapter proxy vboxnet1 machine burp

TALE OF A VULNERABILITY WHICH LEADS TO ACCOUNT TAKEOVER OF GOVERNMENT ANDROID APPLICATION AGENDA:. THINGS YOU SHOULD KNOW TO UNDERSTAND THE VULNERABILITY. DESCRIPTION OF THIS VULNERABILITY.... 2021-12-07 18:21:54 | 阅读: 43 | 收藏 | infosecwriteups.com microsoft deeplink oncreate asks