Finding Hidden Files and Folders on IIS using BigQuery – Assetnote
Motivations I recently made a video on how to find hidden files and folders on IIS through the use of IIS Shortname Scanner. Using…
Category: Mix
Don’t Reply: A Clever Phishing Method In Apple’s Mail App
About four or five years ago, friend and fellow bug bounty hunter Sam Curry asked if I had “ever thought about what was possible to…
Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library
Overview On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js “netlify-ipx” repository which would allow an attacker to achieve persistent cross-site…
ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulns
ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulns Source link
[Google VRP] SSRF in Google Cloud Platform StackDriver – Ron Chan
During the process of testing GAE after reading this awesome blog post, I found a debug application in Google Cloud Platform Stackdriver, user can debug…
FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS!
FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS! Source link
Bountycon2020 Presentation | Richard’s Infosec blog
I was recently invited to present at BountyCon 2020. This was supposed to early March in Singapore where flights and accomodations were all provided for.…
How to Spend Time Well, A Framework · rez0
For a healthy person in a first world country, the number of things we could do is near infinite. And yet, everyone spends 90% of…
Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide)
Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide) Source link
Samesite by Default and What It Means for Bug Bounty Hunters
31 January 2020 You have probably heard of the SameSite attribute addition to HTTP cookies since Chrome 51 (and a specification thereafter). It was advertised…
Exploiting a Blind SQL Injection via XSS – RCE Security
Introduction You probably have read about my recent swamp of CVEs affecting a WordPress plugin called Transposh Translation Filter, which resulted in more than $30,000…
Broken Access Control – Lab #7 User ID controlled by request parameter | Short Version
Broken Access Control – Lab #7 User ID controlled by request parameter | Short Version Source link