unSafe.sh - Unsafe
XXE : From Zero to Hero
Hello fellow hackers, I hope you all are doing good and learning something new :). As I said in my...
2021-04-30 16:06:50 | Views: 283
infosecwriteups.com
passwd
band
malicious
x25
attacker
All about cross-site scripting (XSS)
Hello Amazing Hackers, Hope you guys Doing well and hunting lots of bugs and Dollars! Well, let’s sta...
2021-04-26 18:27:14 | Views: 178
infosecwriteups.com
client
payload
xssstored
impactful
Hacking GraphQL for Fun and Profit — Part 2— Methodology and Examples
GraphQL Hello everyone, I am back with another part of the Hacking GraphQL series. We have already gon...
2021-04-26 18:26:40 | Views: 181
infosecwriteups.com
identify
grades
inql
mutations
Hacking GraphQL for Fun and Profit — Part 1 — Understanding GraphQL Basics
Hello everyone!! In this blog we will be going through some basics of GraphQL to understand technolog...
2021-04-25 21:36:54 | Views: 174
infosecwriteups.com
oftype
typeref
inputvalue
directives
How I hacked into India’s top matrimonial website and earned amazon gift card worth 10K INR.
Hey friends, Hope you all are safe and good. Don’t know why suddenly I was getting more requests in my...
2021-04-25 21:34:54 | Views: 168
infosecwriteups.com
otp
burp
payload
matrimonial
forgot
The peculiar case of HTML Injection
This is a Writeup for an unusual HTML Injection bug I found on a private bug bounty program. HTML Inj...
2021-04-25 03:59:01 | Views: 196
infosecwriteups.com
injection
attacker
payload
chaining
Brave — Stealing your cookies remotely
Brave for Android had a vulnerability that allowed a malicious web page to steal your cookies remote...
2021-04-23 18:30:14 | Views: 173
infosecwriteups.com
brave
malicious
download
chrome
GOOGLE HACKING / DORKING
What is dorking? Google hacking or Dorking is nothing more than a way of looking for things a little...
2021-04-22 18:12:05 | Views: 515
infosecwriteups.com
php
intext
inurl
cfm
wordpress
Exploiting Unrestricted File Upload to achieve Remote Code Execution on a bug bounty program
Accessing https://asdfasdf.redacted.com revealed a login form with a userid and name field. A user w...
2021-04-21 02:59:03 | Views: 183
infosecwriteups.com
hopefully
ffuf
seclists
confirming
insight
(POC) Remove any Facebook’s live video ($14,000 bounty)
There is a feature (video trimming) which allow Facebook users to remove unnecessary content from th...
2021-04-19 15:44:31 | Views: 197
infosecwriteups.com
facebook
1675030
untrim
trim
awarded
Pwning your assignments: Stored XSS via GraphQL endpoint
The bug was found on a highly mature bug bounty program, that was running for over 4–5 years as a pu...
2021-04-18 23:12:56 | Views: 181
infosecwriteups.com
payload
instructor
tutoring
idor
domaini
How I was able to find and exploit the Google Maps API key of a target and you can do it too
Hey, What’s Up Fellow Hackers & pro bug bounty hunters hope you are doing well and staying safe, hun...
2021-04-16 17:13:02 | Views: 417
infosecwriteups.com
subdomain
bugcrowd
yeah
mistake
chose
JavaScript prototype pollution: practice of finding and exploitation
If you follow the reports of researchers who participate in bug bounty programs, you probably know a...
2021-04-15 20:51:38 | Views: 533
infosecwriteups.com
pollution
pp
client
payload
Anatomy of learning new things and keeping yourself updated in hacking
Hi homies, I hope you all are safe and doing your stuff constantly. Summer is up and we are increasi...
2021-04-14 04:35:29 | Views: 199
infosecwriteups.com
enjoy
writeups
papers
tips
amazing
Unauthenticated Account Takeover Through Forget Password
I was hunting a full month on a federal private program and comes up with plenty of account takeover...
2021-04-13 04:07:35 | Views: 203
infosecwriteups.com
plenty
licensing
asks
resetting
ended
Story of a really cool SSRF bug.
2021-04-12 19:24:09 | Views: 127
infosecwriteups.com
Directory Fuzzing — Bug Bounty
Let python automate your bug bounty work! Image by c0d3x all right reserved. When you are fuzzing a su...
2021-04-12 16:57:48 | Views: 223
infosecwriteups.com
github
robots
subdomain
download
dumper
SerpScan -Automate your Recon using search engines
2021-04-10 18:11:10 | Views: 120
infosecwriteups.com
Play a game, get Subscribed to my channel - YouTube Clickjacking Bug | #GoogleVRP
NOTE: Not gonna publish some of my best bugs :) Sorry !!! Well, it was an amazing Sunday ( We are a St...
2021-04-07 16:15:49 | Views: 232
infosecwriteups.com
youtube
victim
vrp
reward
song
Weird and very easy authentication bypass found with Google dorking
In this post, I will explain how I found an authentication bypass, and further explored the function...
2021-04-05 22:56:30 | Views: 202
infosecwriteups.com
bypass
inurl
loaded
redirected