Abusing internal API to achieve IDOR in New Relic
I recently found a nice insecure direct object reference (IDOR) in New Relic which allowed me to pull data from other user accounts, and I…
Ever since I was a kid I was never good at doing schoolwork. I had envied everyone that seemed to complete things so effortlessly and…
Serverless is awesome and I can’t believe this stuff is free. I’m releasing some serverless functions that I’ve developed over the past few weeks to…
I don’t have automation in my bug hunting, no sqlmap, sublist3r or jsparser. I tried, they just don’t work out for me. Other than a…
Bug Bounties Using only Burp & Browser – 30 DAY RESULTS (UNEXPECTED)
“If you are doing a task more than twice? Then, automate it!” I hear that phrase all the time, but don’t often spend time doing…
This is a short write-up about how I could have accessed the personal and financial information for tens…
I hacked Outlook and could’ve read all of your EMAILS!
CVE-2020-16171: Exploiting Acronis Cyber Backup for Fun and Emails
You have probably read one or more blog posts about SSRFs, many being escalated to RCE.…
Broken Access Control – Lab #8 UID controlled by parameter, with unpredictable UIDs | Long Version
Don’t make random HTTP requests.
My bounty infrastructure with Docker
[31/12/2020]: Updated the post for Rengine to v0.5 and a clearer / cleaner configuration of Traefik as well as…