unSafe.sh - Unsafe
SQL Injection in Wordpress core (CVE-2022–21661) | by Ngocnb | Jan, 2022 | Medium
At the end of 2021, our team discovered a SQL Injection vulnerability in the Wordpress core and recently...
2022-1-10 16:3:57 | Views: 5251
medium.com
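How to Become a Hacker
I remember that when I was a kid I played an online game. I took my entire fortune of 100 yuan and spent it on game points, using the money to buy powerful equipment, but a few days later the equipment vanished into thin air, and my young heart shattered along with the loss of that 100 yuan. That was the first time I came into contact with...
2021-10-15 19:51:59 | Views: 43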
medium.com
program
data
vulnerability
password
injection
$300,000 RCE @ Wordpress. An analysis of the current state of… | by MrIP | Oct, 2021 | Medium
When you first start reviewing Wordpress you’ll be immediately hit by what looks like weak system de...
2021-10-13 21:50:11 | Views: 50
medium.com
wordpress
wp
developers
php
injection
$300,000 RCE @ Wordpress
When you first start reviewing Wordpress you’ll be immediately hit by what looks like weak system de...
2021-10-11 17:06:14 | Views: 59
medium.com
wordpress
wp
php
developers
libxml2
How do I get Started in Cyber Security? — My Perspective & Learning Path!
Cyber Security, Ethical Hacking, Application Security, Penetration Testing, Bug Bounties, etc., thes...
2021-03-06 19:38:56 | Views: 297
medium.com
security
network
mozilla
developer
career
eWPTXv2 Exam Review
Web Application is commonly found part of any organization’s infrastructure and often is exposed pub...
2021-02-16 23:52:23 | Views: 1266
medium.com
courseware
resets
security
Finding My First Bug: HTTP Request Smuggling
This is the report of my first bug. The bug was HTTP Request Smuggling for which I got a bounty of $...
2021-02-15 04:49:59 | Views: 315
medium.com
portswigger
403
desync
security
gave
Getting started with XSS: Cross-Site Scripting Attacks
Let’s get started with XSS, in order to get those critical bugs- CSRF, SSRF, RCE. Most of the time,...
2021-02-14 20:57:06 | Views: 248
medium.com
payload
client
malicious
samy
attacker
Oauth Misconfig — Leads to Account Takeover
Hello Infosec Community, This is my first writeup for the vulnerability that I reported and got the f...
2021-02-12 01:20:56 | Views: 226
medium.com
victim
attacker
hunt
rvdp
hunters
A Tale of 2nd $xxx Bounty | Ability to Gain Persistence on Facebook Events as an unremovable…
Ability to Gain Persistence on Facebook Events as an unremovable co-host. This writeup describes a bu...
2021-02-10 11:31:56 | Views: 226
medium.com
facebook
eventone
usertwo
pagetwo
malicious
Dangling DNS: AWS EC2
Oct 3rd, 2019 Asset: Private Program #1 (*.example.com) Report: Details: I began with enumerating subdom...
2021-02-10 03:32:12 | Views: 266
medium.com
dangling
ec2
subdomain
2019asset
fig
TCS HackQuest Season 5 - First Round CTF Write-up
TCS HackQuest Season 5. TCS HackQuest Season 5 is an ongoing CTF competition conducted by TCS Company...
2021-02-07 02:13:11 | Views: 335
medium.com
hq5
competition
hackquest
php
Hacking Organizations One Document at a Time With Metadata
Metadata is simply defined as data about data. In computer systems, this is used to correctly interp...
2021-02-03 22:41:46 | Views: 226
medium.com
client
software
leveraged
removal
security
Intigriti’s January XSS Challenge
Introduction; Explaining the code; Initial ideas and method of solving; The solution. As always, I started w...
2021-02-02 19:13:33 | Views: 241
medium.com
inject
intigriti
0121
subdomain
0aid
How I chained P4 To P2 [Open Redirection To Full Account Takeover]
Hello everyone, I hope you are doing good. After a very long time I am back with a new article about...
2021-02-01 20:14:32 | Views: 242
medium.com
bugcrowd
redirecturl
injection
redirection
security
OTP login rate limit bypass- The easiest bug beginners could find.
Hello friends, Today I am going to write about a vulnerability that may motivate some beginners who a...
2021-02-01 18:06:01 | Views: 277
medium.com
otp
burp
entering
exceeded
tampering
Bragging Rights(Part 1): Short story of a bug wave
Hi my fellow hacker buddies, I hope you all are doing well. We have entered in a new year (finally) a...
2021-01-31 03:02:41 | Views: 280
medium.com
ssrf
idor
subdomain
hardcoded
username
Let’s know How I have explored the buried secrets in React Native application
A new era in Android Reverse Engineering part-1. Thanks for the huge response to my previous write-up....
2021-01-29 05:05:41 | Views: 290
medium.com
reverse
apk
minified
coded
dex2jar
CRASH COURSE FOR FINDING SQL INJECTION IN WEBAPPS:PART 1
I agree manually finding SQL injection in web applications is difficult stuff and not easy to find....
2021-01-28 19:21:50 | Views: 312
medium.com
database
attacker
injection
username
band
Business Logic Error Methodology (easy way) + PoC-s
, or hacking the website’s functionality by editing HTML code on the fly. I have found this type of bu...
2021-01-28 14:23:37 | Views: 230
medium.com
figuring
buttons
deleting
lucky
soft