🚨🇹🇷 Alleged Mall Logistics Data Breach Exposes Android Source Code
Always thoroughly examine your targets' .js and .js.map files; these files can always provide you with great information about your target. 🥳👍 My tool: github.com/ynsmroztas/JSM… #DevTools #JsMap #bugbountytip #bugbountytips #InfoSec #recon
I did it 4 times. Also, think about how you do fuzzing EX 1: GET /DIR/sens/01567777 => GET /DIR/sens/0156FUZZ (4) Since most large IDs usually start after a large number (if sequentially), therefore GET /DIR/sens/FUZZ (8) It takes a lot of time & most are actually empty.
Tip: when testing for IDOR and enumerating IDs, let the Intruder finish the work. Some results can be misleading; in my case, a lot of IDs showed a 502 response code, but I let the Intruder finish the work and got multiple valid IDs.
Praise be to God. Found exposed AWS keys in a public repo, report triaged on @Bugcrowd. Using GitHub dork: org:Target aws_access_key_id
Just published the very first writeup on my biggest P1 bounty 1️⃣ Check it out: medium.com/@bugbounty0901… #bugbounty #oauth2
Just Got Rewarded at @intigriti 🤑$$$$ Tip:- Fuzz the endpoints/path of one domain to other domains. mno[.]abc[.]com/logs -> 403 xyz[.]abc[.]com/logs -> 200 #intigriti #bugbounty #cybersecurity #bugreport #bounty #reward #hackerone #bugcrowd
Hi All, Published my writeup on recent engagement and "Why You Should Always Take Your Shot" Read it here: medium.com/@xploiterr/why… #BugBounty
Payload : 1%20and%20if(1%3d1%2c%20sleep(5)%2c%20false)%20--
{Rejoicing in what Allah has bestowed upon them of His bounty} Found a SQL injection bug in a public program with 1000+ reports. And this is a full video of the report for anyone, whether developer or security. Video: youtu.be/Hp7qUr9PVXI #ItTakesACrowd #bugbountytips #bugbounty #bugcrowd #hackerone
Scored a $5,000 bounty today. I’ve only started messing around with AI in my workflow THIS week. Normally I’d spend hours trying to escalate certain bugs - the kind that takes a lot of digging and escalation and I'd usually end up moving away from it considering the ROI. But this…
🚨 New Writeup Alert! 🚨 "Privilege Escalation From Guest To Admin" by Mado is now live on IW! Check it out here: infosecwriteups.com/c3d2eb357dd1 #bugbounty #privilegeescalation #hacking #bugbountytips #infosec
While testing for XSS, I came across a hidden input with an injectable parameter. It was a challenge to confirm by using normal attributes. Try this payload and congrats if it pops! "+oncontentvisibilityautostatechange=alert(document.cookie)+style=content-visibility:auto+x="
I didn’t suddenly start finding criticals. I just changed my mindset. A month ago, I decided to focus only on P1s. Mediums still get reported, but they’re not the goal. When you aim for criticals, you’ll find mediums, but when you aim for mediums, crits stay out of reach.
I published a write-up about a chain of three client-side vulnerabilities that @m3hradd and I discovered, which led to a one-click account takeover. blog.soloboy.me/chain-of-three…
#BugBounty isn’t just about testing for bugs, it’s about testing your limits 💪 You’ll get blocked by firewalls, restrictions, duplicates, or “informative” reports… but you get back up and keep going. I’ve had moments when I thought, “I’m done, I should just give up on…
Bypassing Business Logic via Race Condition: A $500 Bounty Bug by @a13h1_ medium.com/h7w/bypassing-…
How a Newline Injection in Folder Names Broke Access Revocation: 750$ Bug by @a13h1_ medium.com/p/how-a-newlin…
Unauthorized Access to Enterprise Policies Management: $500 BAC Bug by @a13h1_ medium.com/p/unauthorized…
Business-logic vulnerability via special characters: attacker persists in victim organization by hgr00x medium.com/p/business-log…
Business Logic Vulnerability lead to PII theft & account take over by @zack0x01 medium.com/p/business-log…
How I Accidentally Became the Company’s Unofficial File Clerk (And Saw Everyone’s Secrets) 📁👀 by Iski medium.com/p/how-i-accide…