ExploitHub – Telegram

ExploitHub

6.38K subscribers

18 photos

1 video

15 files

348 links

Download Telegram

About

Blog

Apps

Platform

6.38K subscribers

“Readme.com Account Takeover #BugBounty #FullDisclosure” by Ankush Goel https://link.medium.com/aXznAUn2I3

Readme.com Account Takeover #BugBounty #FullDisclosure #Fixed

2.2K views14:03

“Full Account Takeover Changing Email And Password of any User through API Parameters” by Adesh Kolte https://link.medium.com/8inNnQw2I3

Full Account Takeover via Changing Email And Password of any User through API Parameters

I’m going to talk about a common and strange password reset system that I have seen many times in Bug Hunting and in many VAPT projects. and in many cases this system opens the door to attacker to…

2.2K views14:05

“How I found the most critical bug in live bug bounty event?” by Lakshay https://link.medium.com/CwfZBZO2I3

How I found the most critical bug in live bug bounty event?

Hey Folks! Hope you guys are doing great.

2.2K views14:09

“Password Reset Vulnerability — Full Account takeover (Insecure Direct Object Reference)” by Muhammad Asim Shahzad https://link.medium.com/d6BPOQZ2I3

2.2K views14:11

https://thezerohack.com/hack-instagram-again

How I Hacked Instagram Again - The Zero Hack

This article is about an account takeover vulnerability I found on Instagram that allows anyone to hack Instagram accounts without consent permission. Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty program. …

2.2K views14:14

https://ninadmathpati.com/how-i-was-able-to-earn-1000-with-just-10-minutes-of-bug-bounty/

How I was able to earn 1000$ with just 10 minutes of bug bounty? - Ninad Mathpati

All about Password reset configurations

2.3K views14:17

“Top 25 RCE Bug Bounty Reports” by Cristian Cornea

https://link.medium.com/IUdLa32KH3

Top 25 RCE Bug Bounty Reports

In this article, we will discuss Remote Code Execution (RCE) vulnerability, how to find one and present 25 disclosed reports based on this

2.7K views15:22

2.6K views18:21

https://hazana.xyz/posts/escalating-reflected-xss-with-http-smuggling/?fbclid=IwAR32L1AF5Tm9ExAbcDfZJ9fswKSgj-vMCQPMU75ZcOJ88nsvJyLGGATDhiw

2.5K views03:10

Actual XSS in 2020

https://netsec.expert/2020/02/01/xss-in-2020.html

3.2K viewsedited 03:14

https://victoni.github.io/bug-hunting-xss-on-cookie-popup-warning/

2.6K views03:39

“Two-factor authentication security testing and possible bypasses” by Max https://link.medium.com/vWnWo4H6A3

Two-factor authentication security testing and possible bypasses

Before I began to comprehend the complex science of information security, it seemed to me that Two-Factor Authentication is a guaranteed…

2.3K views03:20

https://github.com/w181496/Web-CTF-Cheatsheet

GitHub - w181496/Web-CTF-Cheatsheet: Web CTF CheatSheet 🐈

Web CTF CheatSheet 🐈. Contribute to w181496/Web-CTF-Cheatsheet development by creating an account on GitHub.

2.2K views03:37

Dropbox bug bounty program has paid out over $1,000,000
https://blogs.dropbox.com/tech/2020/02/dropbox-bug-bounty-program-has-paid-out-over-1000000/

2.0K views03:42

A Not-So-Blind RCE with SQL Injection
https://medium.com/@notsoshant/a-not-so-blind-rce-with-sql-injection-13838026331e

A Not-So-Blind RCE with SQL Injection

This is a story of a typical xp_cmdshell giving a RCE which is blind due to some restrictions and how I bypassed those restrictions.

1.9K views03:42

Forwarded from h1disclosebot

GitHub Security Lab disclosed a bug submitted by calderpwn: https://t.co/kJySKZdV0Z - Bounty: $1,000 #hackerone… https://t.co/x9GJt0F42A

GitHub Security Lab disclosed on HackerOne: CodeQL query to detect...

Report created by importer

1.8K views03:59

https://medium.com/comm-it/binary-exploitation-ret2libc-e812074bb45b?source=search_post

Binary Exploitation — ret2libc

In this post, I would like to share a binary exploitation example from PicoCTF-2018 called got-2-learn-libc.

1.9K views04:02

https://medium.com/bugbountywriteup/binary-exploitation-5fe810db3ed4?source=search_post

Modern Binary Exploitation Writeups 0x01

This is the writeup of Modern Binary Exploitation course by RIPSEC.

1.8K views04:02

https://medium.com/swlh/binary-exploitation-format-string-vulnerabilities-70edd501c5be

Binary Exploitation: Format String Vulnerabilities

And how printing a string led to code execution?!!

1.7K views04:02

https://medium.com/bugbountywriteup/binary-exploitation-5fe810db3ed4

Modern Binary Exploitation Writeups 0x01

This is the writeup of Modern Binary Exploitation course by RIPSEC.

1.8K views04:02

WebSocket attacks

1. https://t.co/1V2XJnYsrc
2. https://t.co/jbIZKoIflw
3. https://t.co/Fg7uUwd7YB
4. https://t.co/jOVTIFWUEk
5. https://t.co/iiVV2uzm0J
6. https://t.co/iiVV2uzm0J
7. https://t.co/iiVV2uzm0J
8. https://t.co/nRqwcFe4zX

#bugbounty #bugbountytips

cat ~/footstep.ninja/blog.txt

The HTML5 Herald

1.9K views04:06