unSafe.sh - Unsafe
Optimizing Hunting Results in VDP for use in Bug Bounty Programs — From Sensitive Information…
As usual, I will try to release this write-up with two different approaches, which are: For those who...
2020-11-17 11:05:45 | Reads: 225 | medium.com
Tags: tld, inshaallah, subdomain, jira
Getting Started with Penetration Testing and dealing with everyday Mood and Motivation
It’s all about the right Mindset and Consistency! I would assume you already know what Penetration Te...
2020-11-17 03:18:18 | Reads: 337 | medium.com
Tags: hackthebox, vulnhubs, earn, hackerone
Attacking JSON Web Tokens (JWTs)
Forge the token to gain unauthorized access! Made by me :) JSON Web Token is commonly used for authori...
2020-11-16 22:14:17 | Reads: 289 | medium.com
Tags: hs256, rs256, python3, jwks, payload
CLICKJACKING TO OBTAIN LOGIN CREDENTIALS
Hey guys! Hope you all are doing fine. As I was approached by many community members asking to share...
2020-11-15 20:11:57 | Reads: 275 | medium.com
Tags: guys, hijacking, persisted, attacker
What it takes to find bugs in bounties!
Hi fellow hackers, I hope you all are hunting on your favorite targets and finding bugs. Even if you...
2020-11-14 19:42:56 | Reads: 267 | medium.com
Tags: burp, bounties, checklist, ssrf, vulns
Evading Filters to perform the Arbitrary URL Redirection Attack
The Arbitrary URL Redirection Attack is popularly known as an Open Redirection attack, which is a...
2020-11-12 22:39:37 | Reads: 315 | medium.com
Tags: redirection, validating, attacker, happening, 2899905732
Chaining password reset link poisoning, IDOR+account information leakage to achieve account…
Mase289, Nov 10: While assessing a target web application for impactful vulnerabilities, a...
2020-11-10 18:03:39 | Reads: 228 | medium.com
Tags: victim, attacker, resettoken
Wacky XSS challenge with amazon (by bugpoc)
Hey, welcome to the write-up for the wacky XSS challenge. Throughout the write-up, I will try not to...
2020-11-10 16:36:47 | Reads: 261 | medium.com
Tags: payload, bugpoc, wont, redir
Understanding & Exploiting: Cross-Site Request Forgery — CSRF vulnerabilities
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unintended actions...
2020-11-07 18:27:51 | Reads: 277 | medium.com
Tags: victim, attacker, tied, accordance, referrer
How to start Bug Bounty?
1. Scope domain: Finding roots (show in-scope targets (subdomains) in the bug bounty platform, like HackerO...
2020-11-06 03:51:02 | Reads: 307 | medium.com
Tags: subdomain, github, subfinder, spiders
My First Bug Bounty Reward
The happiest moment for any hunter. What I did, a few strategies and resources to start with. Photo by...
2020-11-03 07:11:02 | Reads: 271 | medium.com
Tags: facebook, crazy, subdomain, barely, mistake
Directory Fuzzing
Let Python automate your work! Image by c0d3x27, all rights reserved. When fuzzing a subdomain, you may...
2020-11-03 06:06:52 | Reads: 386 | medium.com
Tags: subdomain, httpsurl, robots, urllib3
How I Did Full Account Takeover By Clickjacking
Hello everyone, today I am going to tell you how I went from Clickjacking to full account takeover, so...
2020-11-03 05:08:59 | Reads: 315 | medium.com
Tags: invisible, malicious, unwittingly, hall
Identifying & Escalating HTTP Host Header Injection attacks
The purpose of the HTTP Host header is to help identify which back-end component the client wants to...
2020-10-31 04:16:17 | Reads: 274 | medium.com
Tags: attacker, victim, wrapping, inject
Yes! That’s why we are counting it as an issue in the first place.
Yes! That’s why we are counting it as an issue in the first place. Since you are able to access edit...
2020-10-30 06:36:10 | Reads: 274 | medium.com
Tags: couting, filled, secondly
Let’s talk about Improper Resource Shutdown
The program does not release, or incorrectly releases, a resource before it is made available for re-u...
2020-10-30 02:57:56 | Reads: 233 | medium.com
Tags: fis, database, mylock, bytearray, finalize
Bypassing WAF to do Error-Based SQL Injection
During penetration testing, I came across a website which in this article I will name http://do...
2020-10-26 01:12:00 | Reads: 272 | medium.com
Tags: php, database, 50000select, 50000union, dumping
My first bug on Google: Observation wins!
The clearer you see, the better you win! So, I was trying Google this time to see if I get something...
2020-10-25 21:10:04 | Reads: 256 | medium.com
Tags: redected, putting, appreciated, matters
Accidental Observation to Critical IDOR
Insecure Direct Object Reference falls under the category of Broken Access Controls as per the OWASP To...
2020-10-25 03:21:18 | Reads: 322 | medium.com
Tags: targetsub, myaccount, idors, attacker, flows