Turning Self-XSS into Good-XSS – Jack
Now that the Uber bug bounty programme has launched publicly, I can publish some of my favourite submissions, which I’ve been itching to do over…
Category: Mix
FT 1000: Intigriti named in the Financial Times’ top 500 fastest-growing European companies
Intigriti was one of five Belgian companies to feature in the FT 1000 List of Europe’s Fastest Growing Companies. Intigriti, the Belgium-based bug bounty and…
limited freemarker ssti to arbitrary liql query and manage lithium cms
we faced (w/ @celalerdik) an interesting ssti vulnerability on a bugcrowd’s program. we could show the traditional ’49’ number when trying the ${7*7} command, also…
Advent of Cyber 2022: Day 17 Filtering for Order Amidst Chaos (Walkthrough)
Advent of Cyber 2022: Day 17 Filtering for Order Amidst Chaos (Walkthrough) Source link
OAuth and PostMessage
Tl;DR; An OAuth misconfiguration was discovered in the redirect_uri parameter at the target’s OAuth IDP at https://app.target.com/oauth/authorize, which allowed attackers to control the path of…
How They Got Hacked Episode Fifty Nine 59
How They Got Hacked Episode Fifty Nine 59 Source link
WILSON Cloud Respwnder – honoki
If you’re a Burp Suite user, you’ll be familiar with Burp Collaborator: a service that allows you to monitor out-of-band interactions to a remote server,…
Here’s why you need HackerContent
Here’s why you need HackerContent Source link
SNI Injection
🔍 Introduction SNI SNI(Server Name Indication)은 TLS의 확장 기능으로 handshake 과정 초기에 클라이언트가 어떤 호스트에 접속하는지 서버에게 알리는 역할을 수행합니다. RFC 6066 SNI Injection 이러한…
Playing With Idors With @IAmRenganathan | Hacker2Hacker | Hacking IRCTC #bugbounty
Playing With Idors With @IAmRenganathan | Hacker2Hacker | Hacking IRCTC #bugbounty Source link
Extreme Transparency or Corporate Security Responsibility?
Extreme Transparency or Corporate Security Responsibility? Source link
Ambassador Spotlight: samux | HackerOne
What made you want to become an ambassador? I wanted to become an ambassador mainly because I wished to create a community to exchange information…