How to Find Origin IP (Bypass WAF) | Bug Bounty Recon:
https://youtu.be/e--s76tsyb0?si=XWpLuNmHNjI1FBYh
In this video, I explain what Origin IP is and why it is important in bug bounty hunting and penetration testing.
Origin IP is the real server IP behind a website.
Even if a site is protected by services like Cloudflare or a WAF, the real server still exists…
HTML Injection + Open Redirect Attack | Easy Bug Bounty Finds:
https://youtu.be/YXkfYZoKqgo
In this video I demonstrate how security researchers and bug bounty hunters discover and exploit HTML Injection and Open Redirect vulnerabilities in real-world applications.
You will learn practical techniques used in real bug bounty hunting and penetration…
The Art of Knowing Everything Before You Hack Anything part 1:
https://medium.com/@NeM0x00/the-art-of-knowing-everything-before-you-hack-anything-part-1-14fad1e575f3
You can read the subtitles in English on the YouTube video using this extension:
https://chromewebstore.google.com/detail/glot-extension/dbnjpielondlkmdjbembloegkaabfakc
We’ve just released 6 new videos covering real-world vulnerabilities:
• Exposed API Grant Unauthorized Access to Premium Option
https://www.youtube.com/watch?v=W0aCx6aaKaw
• Email Verification Bypass
https://www.youtube.com/watch?v=HqH3IXYT3Ds
• Business Logic Bugs: Admin Couldn’t Delete Files!
https://www.youtube.com/watch?v=w28D0_evC80
• Bypassing the AI Chat Limit
https://www.youtube.com/watch?v=sPaZzk37PWA
• How Pre-Account Takeover Works + Access Control Bypass
https://www.youtube.com/watch?v=ehNHpbaQrPY
• Unauthorized Email Modification & Account Lockout
https://www.youtube.com/watch?v=qMa9BZ6QQ8k&t=8s
In this video, I walk through a real issue where an exposed API endpoint allowed access to premium features without any proper authorization.
The idea here is simple: the backend trusted a request it shouldn’t trust.
I’ll break down:
- How exposed APIs…
🚨 Critical Vulnerability
🚨 Critical Hardcoded IBM Cloud API Key in Admin JavaScript Allows Unauthorized IAM Token Generation (Cloud Account Compromise)
📝 Full writeup:
https://www.facebook.com/share/p/18JAevtdRq/?mibextid=wwXIfr
My First Accepted HackerOne Report: Finding Exposed API Keys Across 5 Targets:
https://medium.com/@ziadali200244/my-first-accepted-hackerone-report-finding-exposed-weglot-api-keys-across-5-targets-fb14ecda869b
My First Accepted HackerOne Report: Finding Exposed Weglot API Keys Across 5 Targets
Good evening everyone. This writeup is about my first report accepted on HackerOne and how I found the same issue on 5 different targets.