Simple Remote Code Execution Vulnerability Examples for Beginners
https://medium.com/@ozguralp/simple-remote-code-execution-vulnerability-examples-for-beginners-985867878311
https://medium.com/@ozguralp/simple-remote-code-execution-vulnerability-examples-for-beginners-985867878311
Medium
Simple Remote Code Execution Vulnerability Examples for Beginners
Especially when I talk with newbie security researchers/bug bounty hunters, they always make me feel as not thinking theirselves capable…
How to Use OWASP Amass: An Extensive Tutorial https://www.dionach.com/blog/how-to-use-owasp-amass-an-extensive-tutorial/
Multiple Host Header Attacks after bypassing protection with… a Header Attack https://0x00sec.org/t/multiple-host-header-attacks-after-bypassing-protection-with-a-header-attack/18018
0x00sec - The Home of the Hacker
Multiple Host Header Attacks after bypassing protection with... a Header Attack
I was searching for bug bounty programmes by using google dorks, when I came across one by a company, let’s say, Example Inc. They had a ,relatively, big scope and I thought I’d give that a try. After doing some recon and finding some interesting domains…
VLC 4.0.0 - Stack Buffer Overflow (SEH)
https://hackerone.com/reports/489102
https://hackerone.com/reports/489102
HackerOne
VLC (European Commission - DIGIT) disclosed on HackerOne: VLC 4.0.0...
**Summary:**
Incorrect calculation of Buffer Size in rist module for VLC leading to Stack Overflow with SEH chain overwrite.
The modules/access/rist module has an incorrect calculation of buffer...
Incorrect calculation of Buffer Size in rist module for VLC leading to Stack Overflow with SEH chain overwrite.
The modules/access/rist module has an incorrect calculation of buffer...
On Full-Time Bug Bounty Hunting
https://ajxchapman.github.io/bugbounty/2020/02/10/on-full-time-bug-bounty-hunting.html
https://ajxchapman.github.io/bugbounty/2020/02/10/on-full-time-bug-bounty-hunting.html
How I Made $600 in Bug Bounty in 15 Minutes with Contrast CE
https://securityboulevard.com/2020/02/how-i-made-600-in-bug-bounty-in-15-minutes-with-contrast-ce-cve-2019-8442/
https://securityboulevard.com/2020/02/how-i-made-600-in-bug-bounty-in-15-minutes-with-contrast-ce-cve-2019-8442/
Security Boulevard
How I Made $600 in Bug Bounty in 15 Minutes with Contrast CE – CVE- 2019-8442
We live in a dynamic economy that is constantly developing new ways to generate revenue. An area that fascinates me are the bug bounty programs such as Atlassian on BugCrowd. Generating tangible rewards from these programs is not an easy undertaking. After…
Facebook's BountyCon 2020 CTF Writeup https://blog.shoebpatel.com/2020/01/31/Facebooks-BountyCon-2020-CTF-Writeup/
CaptainFreak
Facebook's BountyCon 2020 CTF Writeup
BountyCon2020BountyCon is an invitation-only application security conference arranged by Facebook annually in Singapore for the BugBounty Community of Asia-Pacific region. For more information about i
Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches
https://medium.com/@ozguralp/weird-vulnerabilities-happening-on-load-balancers-shallow-copies-and-caches-9194d4f72322
https://medium.com/@ozguralp/weird-vulnerabilities-happening-on-load-balancers-shallow-copies-and-caches-9194d4f72322
Medium
Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches
When looking for security vulnerabilities on a web application - either for bug hunting or a penetration test project -, I always check 2…
■■■■□ Exploiting #WebSocket [Application Wide XSS / CSRF]
https://medium.com/@osamaavvan/exploiting-websocket-application-wide-xss-csrf-66e9e2ac8dfa
https://medium.com/@osamaavvan/exploiting-websocket-application-wide-xss-csrf-66e9e2ac8dfa
Medium
Exploiting WebSocket [Application Wide XSS / CSRF]
Assalam u Alikum, it’s been a while I haven’t contributed to this wonderful community so I am back with a new write up about WebSocket…
■■■□□ #GoodReport
How We Found Another #XSS in #Google with #Acunetix
https://www.acunetix.com/blog/web-security-zone/xss-google-acunetix/
How We Found Another #XSS in #Google with #Acunetix
https://www.acunetix.com/blog/web-security-zone/xss-google-acunetix/
Acunetix
How We Found Another XSS in Google with Acunetix | Acunetix
Some time ago, we found an XSS in Google Cloud with the help of the Acunetix vulnerability scanner. Recently we found another XSS vulnerability. Here is how it happened.
■■□□□ #FaceBook #OUR | Open URL Redirect.
https://medium.com/@dwi.siswanto98/open-redirect-on-facebook-bypass-linkshim-4050f680d45c
https://medium.com/@dwi.siswanto98/open-redirect-on-facebook-bypass-linkshim-4050f680d45c
Medium
Open-redirect Vulnerability on Facebook
My Facebook personal account is blocked for up to a month because violating Facebook community standards for over-shitposting, LMAO.
■■■□□ Stored #XSS on Angular JS 1.4.9
https://medium.com/@vbharad/stored-xss-on-angular-js-1-4-9-b2f6121d8c59
https://medium.com/@vbharad/stored-xss-on-angular-js-1-4-9-b2f6121d8c59
Medium
Stored XSS on Angular JS 1.4.9
Introduction :
■■■■□ #ZeroDay | 0-day vulnerability (#backdoor) in firmware for #HiSilicon-based DVRs, NVRs and IP #cameras :
https://habr.com/en/post/486856/
https://habr.com/en/post/486856/
Habr
Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras
This is a full disclosure of recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. Described vulnerability...