unSafe.sh - Unsafe
How I Found The Facebook Messenger Leaking Access Token Of Million Users
Hi everyone, this blog is about how I found the Facebook Messenger iOS App Leaking Access Token Of Mi...
2020-11-23 09:30:29 | Reads: 287 | medium.com
facebook
messenger
burp
texted
leaking
The First Bounty Target (Disclosing Multiple Reports)
Hello, first of all, sorry for not posting for such a long period of time. I was really busy in this...
2020-11-22 07:22:41 | Reads: 281 | medium.com
burp
victim
posting
pii
ordered
Interesting case of SQLi
Hey everyone, didn’t get time this year to blog about my findings. But this one, I found around 2–3...
2020-11-22 05:18:43 | Reads: 276 | medium.com
bla
synack
youtube
invoicing
SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software
I omitted the application name as it was a private program. While registering for an application, I hav...
2020-11-22 03:21:17 | Reads: 316 | medium.com
passwd
sessionid
wsdl
rrr
asd
Commenting on a post by opening it via page’s news-feed goes from a wrong actor (i.e.
This writeup is about an easy catch in Facebook Lite that led me to win a bug bounty from Facebook u...
2020-11-21 19:34:23 | Reads: 300 | medium.com
facebook
friday
wednesday
2020asked
saturday
Unauthenticated Account Takeover Through HTTP Leak
I used the “app” keyword in place of the application name as it was a private program. While testing a forget p...
2020-11-20 04:37:40 | Reads: 243 | medium.com
attacker
emailbody
victim
sanitized
injection
CVE-2020-24723
Tale of Stored XSS Leads to admin account takeover. Mayur Parmar, Nov 17 · 2 min read. CVE: https://cve.mit...
2020-11-19 19:34:03 | Reads: 267 | medium.com
th3cyb3rc0p
payload
phpgurukul
enhttps
parmar
2FA Bypass On Instagram Through A Vulnerable Endpoint
This report is about the missing 2FA check on Instagram login when a user uses the ‘Secure account h...
2020-11-19 01:42:09 | Reads: 291 | medium.com
victim
attacker
replaces
security
User’s private watched videos’ List, saved videos, etc.
This writeup is about a vulnerability exposing user’s private watched videos list, saved videos, sha...
2020-11-18 18:37:15 | Reads: 228 | medium.com
facebook
unlocking
watched
thursday
intruder
Javascript Files Recon
A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and...
2020-11-18 01:58:23 | Reads: 337 | medium.com
nutshell
publication
hackrew
ups
bounties
Automating XSS using Dalfox, GF and Waybackurls
2020-11-17 17:06:35 | Reads: 847 | medium.com
testphp
gf
bybuilding
maintained
testxss
Optimizing Hunting Results in VDP for use in Bug Bounty Programs — From Sensitive Information…
As usual, I will try to release this write-up with two different approaches, which are: For those who...
2020-11-17 11:05:45 | Reads: 222 | medium.com
tld
inshaallah
subdomain
jira
Getting Started with Penetration Testing and dealing with everyday Mood and Motivation
It’s all about the right Mindset and Consistency! I would assume you already know what Penetration Te...
2020-11-17 03:18:18 | Reads: 329 | medium.com
hackthebox
vulnhubs
earn
hackerone
Attacking JSON Web Tokens (JWTs)
Forge the token to gain unauthorized access! Made by me :) JSON Web Token is commonly used for authori...
2020-11-16 22:14:17 | Reads: 282 | medium.com
hs256
rs256
python3
jwks
payload
CLICKJACKING TO OBTAIN LOGIN CREDENTIALS
Hey guys! Hope you all are doing fine. As I was approached by many community members asking to share...
2020-11-15 20:11:57 | Reads: 271 | medium.com
guys
hijacking
persisted
attacker
What it takes to find bugs in bounties!
Hi fellow hackers, I hope you all are hunting on your favorite targets and finding bugs. Even if you...
2020-11-14 19:42:56 | Reads: 263 | medium.com
burp
bounties
checklist
ssrf
vulns
Evading Filters to perform the Arbitrary URL Redirection Attack
Arbitrary URL Redirection Attack often is popularly known as an Open Redirection attack, which is a...
2020-11-12 22:39:37 | Reads: 313 | medium.com
redirection
validating
attacker
happening
2899905732
Chaining password reset link poisoning, IDOR+account information leakage to achieve account…
Mase289, Nov 10 · 3 min read. While assessing a target web application for impactful vulnerabilities, a...
2020-11-10 18:03:39 | Reads: 220 | medium.com
victim
attacker
resettoken
Wacky XSS challenge with amazon (by bugpoc)
Hey, welcome to the write up for wacky XSS challenge. Throughout the write-up, I will try not to...
2020-11-10 16:36:47 | Reads: 256 | medium.com
payload
bugpoc
wont
redir
Understanding & Exploiting: Cross-Site Request Forgery — CSRF vulnerabilities
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unintended actions...
2020-11-07 18:27:51 | Reads: 273 | medium.com
victim
attacker
tied
accordance
referrer