Forwarded from CYBER TRICKS ZONE ๐ฎ๐ณ๐ฉ (๐๐ง๐ค๐ฉ๐ค๐๐ค๐ก ๐๐๐๐ )
Master OAuth 2.0 Vulnerability
#bugbounty #infosec
Difficulty : Any
OAuth 2.0 Resources :๐
โข https://owasp.org/www-pdf-archive/20151215-Top_X_OAuth_2_Hacks-asanso.pdf
โข https://medium.com/@lokeshdlk77/stealing-facebook-mailchimp-application-oauth-2-0-access-token-3af51f89f5b0
โข https://medium.com/a-bugz-life/the-wondeful-world-of-oauth-bug-bounty-edition-af3073b354c1
โข https://gauravnarwani.com/misconfigured-oauth-to-account-takeover/
โข https://medium.com/@Jacksonkv22/oauth-misconfiguration-lead-to-complete-account-takeover-c8e4e89a96a
โข https://medium.com/@logicbomb_1/bugbounty-user-account-takeover-i-just-need-your-email-id-to-login-into-your-shopping-portal-7fd4fdd6dd56
โข https://medium.com/@protector47/full-account-takeover-via-referrer-header-oauth-token-steal-open-redirect-vulnerability-chaining-324a14a1567
โข https://hackerone.com/reports/49759
โข https://hackerone.com/reports/131202
โข https://hackerone.com/reports/6017
โข https://hackerone.com/reports/7900
โข https://hackerone.com/reports/244958
โข https://hackerone.com/reports/405100
โข https://ysamm.com/?p=379
โข https://amolbaikar.com/facebook-oauth-framework-vulnerability/
โขhttps://medium.com/@godofdarkness.msf/mail-ru-ext-b-scope-account-takeover-1500-abdb1560e5f9
โข https://medium.com/@tristanfarkas/finding-a-security-bug-in-discord-and-what-it-taught-me-516cda561295
โข https://medium.com/@0xgaurang/case-study-oauth-misconfiguration-leads-to-account-takeover-d3621fe8308b
โข https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74
โข http://blog.intothesymmetry.com/2014/02/oauth-2-attacks-and-bug-bounties.html
โข http://blog.intothesymmetry.com/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html
โข https://veracode.com/blog/research/spring-social-core-vulnerability-disclosure
โข https://medium.com/@apkash8/oauth-and-security-7fddce2e1dc5
โข https://xploitprotocol.medium.com/exploiting-oauth-2-0-authorization-code-grants-379798888893
Thanks You For Reading this ๐
Hope You'll like ๐ it
#bugbounty #infosec
Difficulty : Any
OAuth 2.0 Resources :๐
โข https://owasp.org/www-pdf-archive/20151215-Top_X_OAuth_2_Hacks-asanso.pdf
โข https://medium.com/@lokeshdlk77/stealing-facebook-mailchimp-application-oauth-2-0-access-token-3af51f89f5b0
โข https://medium.com/a-bugz-life/the-wondeful-world-of-oauth-bug-bounty-edition-af3073b354c1
โข https://gauravnarwani.com/misconfigured-oauth-to-account-takeover/
โข https://medium.com/@Jacksonkv22/oauth-misconfiguration-lead-to-complete-account-takeover-c8e4e89a96a
โข https://medium.com/@logicbomb_1/bugbounty-user-account-takeover-i-just-need-your-email-id-to-login-into-your-shopping-portal-7fd4fdd6dd56
โข https://medium.com/@protector47/full-account-takeover-via-referrer-header-oauth-token-steal-open-redirect-vulnerability-chaining-324a14a1567
โข https://hackerone.com/reports/49759
โข https://hackerone.com/reports/131202
โข https://hackerone.com/reports/6017
โข https://hackerone.com/reports/7900
โข https://hackerone.com/reports/244958
โข https://hackerone.com/reports/405100
โข https://ysamm.com/?p=379
โข https://amolbaikar.com/facebook-oauth-framework-vulnerability/
โขhttps://medium.com/@godofdarkness.msf/mail-ru-ext-b-scope-account-takeover-1500-abdb1560e5f9
โข https://medium.com/@tristanfarkas/finding-a-security-bug-in-discord-and-what-it-taught-me-516cda561295
โข https://medium.com/@0xgaurang/case-study-oauth-misconfiguration-leads-to-account-takeover-d3621fe8308b
โข https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74
โข http://blog.intothesymmetry.com/2014/02/oauth-2-attacks-and-bug-bounties.html
โข http://blog.intothesymmetry.com/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html
โข https://veracode.com/blog/research/spring-social-core-vulnerability-disclosure
โข https://medium.com/@apkash8/oauth-and-security-7fddce2e1dc5
โข https://xploitprotocol.medium.com/exploiting-oauth-2-0-authorization-code-grants-379798888893
Thanks You For Reading this ๐
Hope You'll like ๐ it
๐3
https://anubism3333.blogspot.com/2022/06/how-to-stay-motivated.html
https://anubism3333.blogspot.com/2022/06/at-which-time-you-should-feel-that-you.html
https://anubism3333.blogspot.com/2022/06/the-human-way-of-thinking.html
https://anubism3333.blogspot.com/2022/06/being-alone.html
https://anubism3333.blogspot.com/2022/07/the-quotations-that-reveal-reality.html
https://anubism3333.blogspot.com/2022/07/the-definition-of-love.html
https://hacklido.com/blog/271-windows-forensics-the-art-of-investigating-part-1
https://hacklido.com/d/56-windows-file-system-investigation-part-1introduction
https://hacklido.com/d/51-information-about-windows-registry
https://hacklido.com/d/55-windows-registry-investigation-cheatsheet-part-1
https://lonewarriorco.blogspot.com/2022/10/ram-forensics-using-volatility.html
https://hacklido.com/d/66-yara-language
https://hacklido.com/blog/251-securing-your-linux-server-with-host-based-firewall-protection-using-iptables
https://hacklido.com/blog/252-steps-to-set-up-a-firewall-with-ufw
https://hacklido.com/blog/258-honeypots-the-game-of-traps
https://hacklido.com/blog/262-proxy-my-love-part-1
https://www.codelivly.com/osint/
All my Motivational And Infosec Blogs.
https://anubism3333.blogspot.com/2022/06/at-which-time-you-should-feel-that-you.html
https://anubism3333.blogspot.com/2022/06/the-human-way-of-thinking.html
https://anubism3333.blogspot.com/2022/06/being-alone.html
https://anubism3333.blogspot.com/2022/07/the-quotations-that-reveal-reality.html
https://anubism3333.blogspot.com/2022/07/the-definition-of-love.html
https://hacklido.com/blog/271-windows-forensics-the-art-of-investigating-part-1
https://hacklido.com/d/56-windows-file-system-investigation-part-1introduction
https://hacklido.com/d/51-information-about-windows-registry
https://hacklido.com/d/55-windows-registry-investigation-cheatsheet-part-1
https://lonewarriorco.blogspot.com/2022/10/ram-forensics-using-volatility.html
https://hacklido.com/d/66-yara-language
https://hacklido.com/blog/251-securing-your-linux-server-with-host-based-firewall-protection-using-iptables
https://hacklido.com/blog/252-steps-to-set-up-a-firewall-with-ufw
https://hacklido.com/blog/258-honeypots-the-game-of-traps
https://hacklido.com/blog/262-proxy-my-love-part-1
https://www.codelivly.com/osint/
All my Motivational And Infosec Blogs.
๐ฅ3
๐ฒEnzyme is an jailbreak-free iOS modding framework that allows you to statically patch and hook iOS apps.
This repository contains an example using Enzyme. For modifying this, check out the CMakeLists.txt file, the patcher/main.py file, the patcher/bootstrap.asm file, and the src folder.
Download:- https://system32.ink/news-feed/p/213/
This repository contains an example using Enzyme. For modifying this, check out the CMakeLists.txt file, the patcher/main.py file, the patcher/bootstrap.asm file, and the src folder.
Download:- https://system32.ink/news-feed/p/213/
RedTeam-Tools-main.zip
40.1 KB
#RedTeam #hack #tools
Collection of 100+ tools and resources that can be useful for red teaming activities.
https://github.com/A-poc/RedTeam-Tools
Collection of 100+ tools and resources that can be useful for red teaming activities.
https://github.com/A-poc/RedTeam-Tools
๐1
Exploit for CVE-2022-25765 command injection in pdfkit < 0.8.6
download: https://system32.ink/news-feed/p/209/
download: https://system32.ink/news-feed/p/209/
๐3
๐ฅBrave browser 1 day exploit.
This is a remote crash that triggers in brave browser due to how the rss XML parsing happens by reading an item's title that contains the < (less than) character.
Download: https://system32.ink/news-feed/p/211/
This is a remote crash that triggers in brave browser due to how the rss XML parsing happens by reading an item's title that contains the < (less than) character.
Download: https://system32.ink/news-feed/p/211/
๐1
Forwarded from ๅฉro ็ชCracker
๐ฅChrome heap buffer overflow in validating command decoder(CVE-2022-4135)
Heap BoF/OOB access in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a SBX via a crafted HTML page.
๐กPatch CL
Exploit strategy:
The vulnerability immediately provides an attacker with an extremely powerful exploitation primitive -- a non-linear BoF with a controlled offset.
Exploit flow:
The exploit abuses the command buffer and GLES2 APIs for memory manipulation. A corrupted memory bucket is used to first leak data from the GPU process and break ASLR, and then, when the ROP chain is ready, hijack the control flow.
reproduce:
Heap BoF/OOB access in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a SBX via a crafted HTML page.
๐กPatch CL
Exploit strategy:
The vulnerability immediately provides an attacker with an extremely powerful exploitation primitive -- a non-linear BoF with a controlled offset.
Exploit flow:
The exploit abuses the command buffer and GLES2 APIs for memory manipulation. A corrupted memory bucket is used to first leak data from the GPU process and break ASLR, and then, when the ROP chain is ready, hijack the control flow.
reproduce:
<script>โ ๏ธPart of an exploit chain: CVE-2022-4135 + CVE-2022-3723
canvas = document.createElement("canvas");
document.documentElement.appendChild(canvas);
context = canvas.getContext("webgl2");
context.blendColor(0, 0, 0, 0);
</script>
๐ฅ๐ฅ๐ฅAdobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit(CVE-2023-21608)
Download: https://system32.ink/news-feed/p/212/
Download: https://system32.ink/news-feed/p/212/
๐ฅCobalt Strike BOF that bypasses AMSI in a remote process with code injection.
Download:- https://system32.ink/news-feed/p/214/
Download:- https://system32.ink/news-feed/p/214/
๐2
Forwarded from CYBER TRICKS ZONE ๐ฎ๐ณ๐ฉ (๐๐ง๐ค๐ฉ๐ค๐๐ค๐ก ๐๐๐๐ )
๐ช Standout as Web design Expert Course ๐ช
Download link-
https://mega.nz/folder/y3AkFAjT#j8-rd4vmddGn4utAgDITPQ
๐ Zip Password- @udemyking1
โฆโขโโโโโโโโโโโโโโโโโโขโฆ
๐ ๐๐ข๐ ๐ก ๐ฟ๐๐๐ & ๐น๐๐๐๐๐ค ๐๐ข๐ ๐๐๐๐๐ ๐
๐ท ๐๐๐๐ป๐๐๐ โ bit.ly/UFC-YouTube
๐ถ ๐ญ๐๐๐๐๐๐๐ โ fb.me/UdemyKing
๐ท ๐ณ๐๐๐๐๐ ๐ฐ๐ โ bit.ly/UFC-linkedin
๐ถ ๐ฐ๐๐๐๐๐๐๐๐ โ bit.ly/UFC-Insta
๐ท ๐ฑ๐๐๐ ๐ญ๐๐๐ โ t.me/UdemyKing1
โฆโขโโโโโโโโโโโโโโโโโโขโฆ
Download link-
https://mega.nz/folder/y3AkFAjT#j8-rd4vmddGn4utAgDITPQ
๐ Zip Password- @udemyking1
โฆโขโโโโโโโโโโโโโโโโโโขโฆ
๐ ๐๐ข๐ ๐ก ๐ฟ๐๐๐ & ๐น๐๐๐๐๐ค ๐๐ข๐ ๐๐๐๐๐ ๐
๐ท ๐๐๐๐ป๐๐๐ โ bit.ly/UFC-YouTube
๐ถ ๐ญ๐๐๐๐๐๐๐ โ fb.me/UdemyKing
๐ท ๐ณ๐๐๐๐๐ ๐ฐ๐ โ bit.ly/UFC-linkedin
๐ถ ๐ฐ๐๐๐๐๐๐๐๐ โ bit.ly/UFC-Insta
๐ท ๐ฑ๐๐๐ ๐ญ๐๐๐ โ t.me/UdemyKing1
โฆโขโโโโโโโโโโโโโโโโโโขโฆ