Vipin Panchal (@dirtycoder0124) 在 Piclur：Escalated algolia key misconfiguration to stored xss. / Piclur

Vipin Panchal

@dirtycoder0124

年10月6日

Found Algolia key in the DOM using my own Chrome extension. It searches the defined keywords in the DOM and JS files. github.com/dirtycoder0124… Exploit the key by following the steps given on hackwithsuryesh.medium.com/algolia-api-ke… #bugbounty #bugbountytips

dirtycoder0124's tweet card. Hi Everyone this is Suryesh a Bug Hunter from India. In this write-up i’ll explain how you can exploit Algolia API Key and earn $$$$.

Algolia API Key Exploitation leads to $1000 Bounty (P2) on Private program

來源: hackwithsuryesh.medium.com

Vipin Panchal

@dirtycoder0124

年10月6日

Escalated algolia key misconfiguration to stored xss.

United States 趨勢

1. Jeremiah Smith 5,496 posts
2. Vandy 8,486 posts
3. Julian Sayin 4,450 posts
4. Caleb Downs N/A
5. Ohio State 14K posts
6. Pavia 3,271 posts
7. Caicedo 24.4K posts
8. Arch Manning 3,411 posts
9. Vanderbilt 6,868 posts
10. CJ Donaldson N/A
11. Clemson 8,230 posts
12. #HookEm 3,147 posts
13. French Laundry 4,794 posts
14. Christmas 130K posts
15. Jim Knowles 1,019 posts
16. Buckeyes 4,381 posts
17. Gus Johnson N/A
18. Arvell Reese N/A
19. Dawson 3,598 posts
20. #GoBucks 2,518 posts

Something went wrong.

Something went wrong.