wsuup fam
I just found a high-severity CORS bug on a VDP program. The vulnerability exists in their API endpoint, and it allows requests from hosts that have this domain as a suffix, and it leads to session hijacking, account takeover and API data exfiltration.
Now, I'm exploring whether I can chain this with other vulnerabilities like IDOR or smth before submitting my report.
@AfroSec
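For the defending side, the suffix-matching flaw described in the post above next to an exact-match check, as an added example that is not part of the original post or the affected program's code. The domain example.com, the host allowlist, the sample origins and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed values: example.com stands in for the API's real domain.
TRUSTED_SUFFIX = "example.com"
ALLOWED_HOSTS = {"example.com", "app.example.com"}

def weak_origin_ok(origin: str) -> bool:
    """The flaw described in the post: any Origin ending in the domain passes."""
    return origin.endswith(TRUSTED_SUFFIX)

def strict_origin_ok(origin: str) -> bool:
    """Parse the Origin and require https plus an exact host match."""
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    if parts.path or parts.query or parts.fragment or port not in (None, 443):
        return False
    return (parts.hostname or "").lower() in ALLOWED_HOSTS

def cors_headers(origin: str) -> dict:
    """Headers for a credentialed response; an empty dict means no CORS grant."""
    if not strict_origin_ok(origin):
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # keep caches from reusing one origin's grant for another
    }

def audit(origins):
    """Origins the weak check accepts but the strict check rejects."""
    return [o for o in origins if weak_origin_ok(o) and not strict_origin_ok(o)]

# Constructed sample Origin header values.
SAMPLE_ORIGINS = [
    "https://app.example.com",       # legitimate front end
    "https://evilexample.com",       # different registrable domain, same suffix
    "http://app.example.com",        # right host, cleartext scheme
    "https://example.com.evil.test", # prefix trick, fails both checks
    "null",                          # sandboxed or file origins
]

if __name__ == "__main__":
    for o in audit(SAMPLE_ORIGINS):
        print("weak check would trust:", o)
```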
Timeless
The Weeknd & Playboi Carti
Wow, The Weeknd
Just discovered this banger today, and I had to share it with YOU!
@AfroSec
Forwarded message
You can use this template for WordPress setup config disclosure that contains some sensitive info that counts as P1; just run this template on all BBP subdomains.
echo 'https://speedtest.textrapp.com/' | nuclei -t prsnl/wp-setup-config.yaml
subfinder -d example.com -all | httpx-toolkit | nuclei -t prsnl/wp-setup-config.yaml
https://github.com/coffinxp/nuclei-templates/blob/main/wp-setup-config.yaml
https://speedtest.textrapp.com//wp-admin/setup-config.php?step=1
This is me every night trying to stay awake the whole night, acting sleepy all day, and then getting roasted by our lecturer
@AfroSec
As we all know, reading Proof-of-Concepts (PoCs) and writeups is highly recommended for improving at bug hunting. I came across this awesome GitHub repository filled with top-notch bug bounty reports:
Awesome Bug_writeups
Check it out and start learning from the best!
@AfroSec
what a Christmas song huh
@AfroSec
[rocket]
So, I'm not really into physics and engineering stuff, but yea, I'm studying electromechanical engineering [don't ask me why]. While I was searching for a vid on YouTube, I just saw this guy and I just say [ymechew]. Honestly, this is some serious physics, and it's kinda motivational for anyone obsessed with rocket science and that kind of thing, like my buddy [@Natyiu0] and others.
@AfroSec
YouTube
I Landed A Rocket Like SpaceX - Scout F
STUCK THE LANDING! Didn't think it would take 7 years but ¯\_(ツ)_/¯
Launch livestreams, raw footage/data, and the BPS Discord: https://www.patreon.com/bps_space
Become an Intern for BPS.space: https://bps.space/products/bps-whos-in-charge-here
Here is 7.5…