We've just released 6 new videos covering real-world vulnerabilities:
• Exposed API Grant Unauthorized Access to Premium Option
https://www.youtube.com/watch?v=W0aCx6aaKaw
• Email Verification Bypass
https://www.youtube.com/watch?v=HqH3IXYT3Ds
• Business Logic Bugs: Admin Couldn't Delete Files!
https://www.youtube.com/watch?v=w28D0_evC80
• Bypassing the AI Chat Limit
https://www.youtube.com/watch?v=sPaZzk37PWA
• How Pre-Account Takeover Works + Access Control Bypass
https://www.youtube.com/watch?v=ehNHpbaQrPY
• Unauthorized Email Modification & Account Lockout
https://www.youtube.com/watch?v=qMa9BZ6QQ8k&t=8s
YouTube
Exposed API Grant Unauthorized Access to Premium Option
In this video, I walk through a real issue where an exposed API endpoint allowed access to premium features without any proper authorization.
The idea here is simple: the backend trusted a request it shouldn't trust.
I'll break down:
- How exposed APIs…
Critical Vulnerability
Critical Hardcoded IBM Cloud API Key in Admin JavaScript Allows Unauthorized IAM Token Generation (Cloud Account Compromise)
Full writeup:
https://www.facebook.com/share/p/18JAevtdRq/?mibextid=wwXIfr
My First Accepted HackerOne Report: Finding Exposed API Keys Across 5 Targets:
https://medium.com/@ziadali200244/my-first-accepted-hackerone-report-finding-exposed-weglot-api-keys-across-5-targets-fb14ecda869b
Medium
My First Accepted HackerOne Report: Finding Exposed Weglot API Keys Across 5 Targets
Good evening everyone. This writeup is about my first report accepted on HackerOne and how I found the same issue on 5 different targets.
Self-hosted + bug bounty programs:
*.cleeng.com
security@cleeng.com
─────────────
*.redsift.com
security@redsift.com
─────────────
*.plain.com
security@plain.com
─────────────
*.linkdm.com
support@linkdm.com
─────────────
*.ory.com
security@ory.com
─────────────
*.aquanow.com
bugbounty@aquanow.com
─────────────
https://github.com/swisscom/bugbounty
─────────────
https://www.spendesk.com/.well-known/security.txt
─────────────
https://help.spreaker.com/en/articles/5123644-bug-bounty-program
─────────────
https://www.fjdynamics.com/jp/bug-bounty-program
─────────────
https://www.klook.com/bugbounty
─────────────
https://gobright.com/responsible-disclosure-policy/
─────────────
https://www.make.com/en/bounty
─────────────
https://www.pubnub.com/bug-bounty-policy/
─────────────
https://help.doit.com/docs/vendor-information/bug-bounty-program
─────────────
https://www.lenskart.com/vulnerability-disclosure-policy
─────────────
https://www.talentlms.com/vulnerabilitypolicy
─────────────
https://whatbox.ca/policies/security
─────────────
*.perlego.com
security@perlego.com
─────────────
https://support.playerauctions.com/hc/en-us/articles/49330305602585-PlayerAuctions-Bug-Bounty-Program
Critical Exposure of Algolia Admin API Key in Client-Side JavaScript:
https://medium.com/@zx10a/critical-exposure-of-algolia-admin-api-key-in-client-side-javascript-c41cacb4aed6