unSafe.sh - Insecure
Identifying & Exploiting SQL Injection: Manual & Automated
In this article, we will start by Identifying the SQL Injection vulnerabilities & how to exploit the...
2020-12-13 16:35:50 | Views: 240
medium.com
database
sqlmap
fig
acuart
injection
Sensitive data exposure through GitHub: A deep dive into bug ocean
Hello my hacker buddies, I hope you all are doing great. Keep finding bugs and even if you are not f...
2020-12-10 03:35:02 | Views: 205
medium.com
dorks
github
dorking
repository
anyways
Chaining vulnerabilities lead to account takeover
In this write-up, I will explain how I was able to chain five vulnerabilities that lead to one link...
2020-12-05 09:50:33 | Views: 242
medium.com
leakage
client
weird
Applying the old school hacking to bug hunting
Or, documentation + source code = knowledge, profit(?) I’m a big fan of the old school approach to ha...
2020-12-02 09:46:43 | Views: 261
medium.com
jira
ffuf
wappalyzer
slashes
pfed
The YouTube bug that allowed unlisted uploads to any channel
It was late June when I received an invitation to test out a new product from YouTube: a video build...
2020-12-01 07:37:09 | Views: 264
medium.com
youtube
6e4b
unlisted
beca
Bcrypt — Account TakeOver Due To Weak Encryption — #HR51KDB
Hey Fellas! I hope you all are doing good and safe. Thank you so much for showing your interest in m...
2020-11-29 22:08:10 | Views: 288
medium.com
otp
bcrypt
otppassword
debcrypt
ato
Testing for Directory or Path Traversal Vulnerabilities
In this article, we’ll be discussing, how to perform Directory Traversal or Path Traversal attacks,...
2020-11-29 20:06:26 | Views: 330
medium.com
windows
testsite
sequences
slash
attacker
Reflected Cross Site Scripting on Private Program (Bounty:750$)
Hi guys, this is my first english write-up, so I’m sorry for my bad english grammar. Obviously, I dis...
2020-11-27 16:03:12 | Views: 271
medium.com
sorry
exploring
payload
blur
guys
Beginners Guide: VPS Setup for Bug Bounty Recon Automation
Hello, All. My name is Ranjan. I am a final year CS undergrad and a part-time bug bounty hunter. Due...
2020-11-25 19:22:28 | Views: 405
medium.com
ssh
cloud
username
bothra
How I Found The Facebook Messenger Leaking Access Token Of Million Users
Hi everyone, This blog is about how I found the Facebook Messenger iOS App Leaking Access Token Of Mi...
2020-11-23 09:30:29 | Views: 292
medium.com
facebook
messenger
burp
texted
leaking
The First Bounty Target (Disclosing Multiple Reports)
Hello, First of all, sorry for not posting for such a long period of time. I was really busy in this...
2020-11-22 07:22:41 | Views: 286
medium.com
burp
victim
posting
pii
ordered
Interesting case of SQLi
Hey everyone, didn’t get time this year to blog about my findings. But this one, I found around 2–3...
2020-11-22 05:18:43 | Views: 281
medium.com
bla
synack
youtube
invoicing
SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software
I omitted the application name as it was private program. While registering for an application, I hav...
2020-11-22 03:21:17 | Views: 321
medium.com
passwd
sessionid
wsdl
rrr
asd
Commenting on a post by opening it via page’s news-feed goes from a wrong actor (i.e.
This writeup is about an easy catch in Facebook Lite that led me to win a bug bounty from Facebook u...
2020-11-21 19:34:23 | Views: 306
medium.com
facebook
friday
wednesday
2020asked
saturday
Unauthenticated Account Takeover Through HTTP Leak
I used “app” keyword in place of application name as it was private program. While testing a forget p...
2020-11-20 04:37:40 | Views: 249
medium.com
attacker
emailbody
victim
sanitized
injection
CVE-2020–24723
Tale of Stored XSS Leads to admin account takeover. Mayur Parmar, Nov 17 · 2 min read. CVE: https://cve.mit...
2020-11-19 19:34:03 | Views: 272
medium.com
th3cyb3rc0p
payload
phpgurukul
enhttps
parmar
2FA Bypass On Instagram Through A Vulnerable Endpoint
This report is about the missing 2FA check on Instagram login when a user uses the ‘Secure account h...
2020-11-19 01:42:09 | Views: 296
medium.com
victim
attacker
replaces
security
User’s private watched videos’ List, saved videos, etc.
This writeup is about a vulnerability exposing user’s private watched videos list, saved videos, sha...
2020-11-18 18:37:15 | Views: 233
medium.com
facebook
unlocking
watched
thursday
intruder
Javascript Files Recon
A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and...
2020-11-18 01:58:23 | Views: 342
medium.com
nutshell
publication
hackrew
ups
bounties
Automating XSS using Dalfox, GF and Waybackurls
2020-11-17 17:06:35 | Views: 853
medium.com
testphp
gf
bybuilding
maintained
testxss