Penetrating PornHub – XSS vulns galore (plus a cool shirt!)
When PornHub launched their public bug bounty program, I was pretty sure that most of the low hanging fruits of...
Read more →Category: Mix
Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts | Sam Curry
Over the last few years, usage of vulnerability disclosure and bug bounty programs have increased significantly. It is now almost...
Read more →
Extracting SSH Private Keys From Windows 10 ssh-agent
This weekend I installed the Windows 10 Spring Update, and was pretty excited to start playing with the new, builtin...
Read more →
1k Per Day Challenge — Earning 30k in 30 Days – Ron Chan
It starts with this tweet Since money is one of the best way to keep hunters motivated, going after a difficult...
Read more →
INTERVIEW WITH @H13- : #1 BUG BOUNTY HUNTER ON SHOPIFY | METHODOLOGY, MISTAKES, TIPS & MORE…
INTERVIEW WITH @H13- : #1 BUG BOUNTY HUNTER ON SHOPIFY | METHODOLOGY, MISTAKES, TIPS & MORE… Source link
Read more →
Passcode Activity Bypass using Race Condition
An Activity is one of the Android’s component in an app. It is the screen that the user sees on...
Read more →
Everyone is wrong about Twitter · rez0
Twitter’s new fearless leader, by Midjourney AI The twittersphere has been full of hot-takes since Elon took over. Most everyone...
Read more →
Hacking 1Password | Episode 4 – Two Simple Bugs that Worth $3,300
Hacking 1Password | Episode 4 – Two Simple Bugs that Worth $3,300 Source link
Read more →
From Quiz to Admin – Chaining Two 0-Days to Compromise An Uber WordPress – RCE Security
TL;DR While doing recon for H1-4420, I stumbled upon a WordPress blog that had a plugin enabled called SlickQuiz. Although...
Read more →
Broken Access Control – Lab #9 UID controlled by param with data leakage in redirect | Short Version
Broken Access Control – Lab #9 UID controlled by param with data leakage in redirect | Short Version Source link
Read more →
Basic recon to RCE
Recently on a BugBounty program I came across my first RCE, discovered and exploited rather quickly on a solution with...
Read more →