Story: The NPMJS Claim
Stealing Cheats from Cheaters (Teleport Hack)
I’m not a LastPass user but this tweet from Sean Wright caught my attention. Just as I thought… LastPass considers a user enumeration issue to…
a Hacker’s Backdoor: Service Control Manager
ToolTime – WayMore (Historical Content Discovery)
Now that the Uber bug bounty programme has launched publicly, I can publish some of my favourite submissions, which I’ve been itching to do over…
Intigriti was one of five Belgian companies to feature in the FT 1000 List of Europe’s Fastest Growing Companies. Intigriti, the Belgium-based bug bounty and…
We faced (w/ @celalerdik) an interesting SSTI vulnerability on a Bugcrowd program. We could show the traditional ’49’ number when trying the ${7*7} command, also…
Advent of Cyber 2022: Day 17 Filtering for Order Amidst Chaos (Walkthrough)
TL;DR: An OAuth misconfiguration was discovered in the redirect_uri parameter at the target’s OAuth IDP at https://app.target.com/oauth/authorize, which allowed attackers to control the path of…
How They Got Hacked Episode Fifty Nine 59
If you’re a Burp Suite user, you’ll be familiar with Burp Collaborator: a service that allows you to monitor out-of-band interactions to a remote server,…