From Quiz to Admin – Chaining Two 0-Days to Compromise An Uber WordPress – RCE Security
TL;DR While doing recon for H1-4420, I stumbled upon a WordPress blog that had a plugin enabled called SlickQuiz. Although the latest version 1.3.7.1 was…
Category: Mix
Broken Access Control – Lab #9 UID controlled by param with data leakage in redirect | Short Version
Broken Access Control – Lab #9 UID controlled by param with data leakage in redirect | Short Version Source link
This Website has No Code, or Does it?
This Website has No Code, or Does it? Source link
Basic recon to RCE
Recently on a BugBounty program I came across my first RCE, discovered and exploited rather quickly on a solution with a vulnerability that I don’t…
Browser powered scanning 2.0 | Blog
Tom Shelton-Lefley | 15 December 2022 at 14:30 UTC It’s been two years since we unleashed browser powered scanning on the world, and we decided…
How to Hunt for Prototype Pollution Vulnerabilities in Open Source Bug Bounty | #methodology
How to Hunt for Prototype Pollution Vulnerabilities in Open Source Bug Bounty | #methodology Source link
#NahamCon2022EU: Managing a Bug Bounty Program From a Hacker’s Perspective by @0xlupin
#NahamCon2022EU: Managing a Bug Bounty Program From a Hacker’s Perspective by @0xlupin Source link
Hack the Box: How does linux work?
Hack the Box: How does linux work? Source link
Stream 00 : How to Bypass WAF for your XSS ! (OSINT Bonus) 🔥
Stream 00 : How to Bypass WAF for your XSS ! (OSINT Bonus) 🔥 Source link
Velocity Exploit on Paper?
Velocity Exploit on Paper? Source link
Here’s how you can become member of my website.
My blog runs on Ghost. For some time it has a members feature. Last week I decided to enable it on my website. The reason?…
So Linus Tech Tips Got Hacked…
So Linus Tech Tips Got Hacked… Source link