unSafe.sh - Unsafe
Bragging Rights: Let’s head back to bug bucket
Welcome back my hacker homies! I hope you all are doing great, like me! So many things to learn dail...
2021-04-04 13:06:26 | Views: 190
infosecwriteups.com
bypass
payload
bypasses
idors
incorrect
Understanding & Identifying Insecure Deserialization Vulnerabilities
This post explains the nitty-gritty of Insecure Deserialization Vulnerabilities. We will be covering...
2021-04-03 23:44:33 | Views: 240
infosecwriteups.com
php
python
attacker
pickle
deserialize
[BugHunt] Authenticated RCE found in HorizontCMS — Part 2 (PHP Filetype Bypass)
As I talked about in the Part 1, [BugHunt] Authenticated RCE found in HorizontCMS — Part 1 (Maliciou...
2021-04-03 23:43:26 | Views: 187
infosecwriteups.com
php
horizontcms
test2
htaccess
bypassed
[BugHunt] Authenticated RCE found in HorizontCMS — Part 1 (Malicious Plugins)
A couple of weeks ago, I teamed up with my buddy, Chi Tran, to do some bug hunting on an open-source...
2021-04-03 14:29:41 | Views: 186
infosecwriteups.com
php
horizontcms
ttimot24
wiki
googlemaps
Facebook Push Notification Linkshim Bypassed
I’m glad you’re here. Please have fun reading (@nmochea). While browsing and finding facebook vulnera...
2021-04-01 23:20:25 | Views: 181
infosecwriteups.com
facebook
client
bypassed
2flogin
2ecom
Intigriti — XSS Challenge 0321
XSS with CSRF Bypass The challenge announcement on Twitter It was March and Intigriti published a new...
2021-04-01 23:20:06 | Views: 293
infosecwriteups.com
intigriti
0321
onmousemove
webpage
mailto
Exploiting misconfigured OAuth to takeover accounts
Hi, in this writeup I will talk about two misconfigured OAuth flaws I found while looking for bugs,...
2021-03-31 14:17:35 | Views: 147
infosecwriteups.com
attacker
client
victim
comdidn
supplying
How I made it to Google HOF?
Heyyy Everyoneeee, I know it’s been a quite long time since I shared any of my findings sorry about t...
2021-03-22 22:56:18 | Views: 240
infosecwriteups.com
idor
appid
appsheet
vrp
replied
IDOR that allowed me to takeover any users account.
Hello all! My name is Vedant, also known as Vegeta(on twitter). I’m a cybersecurity enthusiast, comp...
2021-03-22 16:29:36 | Views: 193
infosecwriteups.com
payload
clicked
idor
visited
How I hacked Facebook: Part Two
This article was previously revised by multiple parties before releasing it, and I had to get writte...
2021-03-20 00:20:50 | Views: 519
infosecwriteups.com
facebook
ssrf
aspxauth
network
Business Logic Error on Registration Leads to SMS Validation Bypass
Hello, fellow hunters. It is time for another write-up. It was basically a business logic error whic...
2021-03-11 06:11:04 | Views: 239
infosecwriteups.com
username
enters
redirected
burp
Chain of Low Level Bugs and Misconfigurations Leads to Account Takeover
Hello, fellow hunters. I am going to tell you a tale about one of my recent findings in which I was...
2021-03-10 19:21:27 | Views: 257
infosecwriteups.com
payload
btoa
fired
bypass
26sol
How I Found Blind XSS On Flipkart
Hello Everyone…. I hope you all are doing well. This write-up about Flipkart Cross-Site-Scripting Vu...
2021-03-10 18:29:28 | Views: 273
infosecwriteups.com
flipkart
payload
hall
lohigowda
security
Somebody Call the Plumber, GraphQL is Leaking Again…
Hello Everyone, I have a story for you today. It primarily will be about a GraphQL vulnerability I w...
2021-03-10 01:14:02 | Views: 235
infosecwriteups.com
bugcrowd
payout
facebook
monday
Exploiting HTTP Request Smuggling (TE.CL)— XSS to website takeover
Even though HTTP Request Smuggling is documented back in 2005, it is still one of the least known We...
2021-03-09 23:46:15 | Views: 261
infosecwriteups.com
intruder
turbo
burp
payload
Bigbasket Bug Bounty Writeup
Bigbasket Bug Bounty This is my first write-up. I am Lohith Gowda M (Security Engineer). Due to covid-...
2021-03-09 20:03:09 | Views: 265
infosecwriteups.com
backup
allowbackup
basket
security
tue
How I Got Access Dunzo Internal Dashboard
Hello Everyone! This write-up about Dunzo Sensitive Information Disclosure Vulnerability. The vulnerab...
2021-03-09 19:46:54 | Views: 267
infosecwriteups.com
dunzo
subdomain
tue
mon
lohigowda
How I was able to bypass the subscription plan of a famous regional e-paper web application by…
My Wife was looking for a job as a teacher. One day she told me that she needs this particular newsp...
2021-03-09 03:11:34 | Views: 219
infosecwriteups.com
trial
burp
wife
buying
usertype
Leveraging Template injection to takeover an account.
Hi, I am back again with an interesting writeup, this is about a template injection bug I reported t...
2021-03-08 14:39:25 | Views: 219
infosecwriteups.com
customized
attacker
injection
csti
greeting
THE INVINCIBLE KID
…This short write-up is about a vulnerability in Facebook Lite that allowed anyone to be invincible...
2021-03-05 21:39:36 | Views: 253
infosecwriteups.com
kid
facebook
victim
attacker
guardian