Vulnerability Summary The Horde project comprises of several standalone applications and libraries. The Horde Groupware Webmail Edition suite bundles several of them by default, among those, Data is a library used to manager data import/export in several…

Penetration tests guide based on OWASP including test cases, resources and examples. - Voorivex/pentest-guide

A vulnerability in the handling of CSV data import allows authenticated users to inject arbitrary PHP code thus achieving RCE on the server hosting the web application.

There is a lot of excellent public research on attacking Azure, however, most research tends to focus on tactics that assume you have first obtained some form of access, such as compromised credentials. This post will focus on one example of obtaining those…

Understanding the proper URL structure is important to every Bug bounty hunter. So lets go deep dive into the URL structure.

Privacy Violation issue Instagram

Reverse proxies cheatsheet. Contribute to GrrrDog/weird_proxies development by creating an account on GitHub.

We demonstrate how one can recover mt_rand()'s seed with only two outputs and without any bruteforce.

C2 Powershell Command & Control Framework with BuiltIn Commands (Modules) - r00t-3xp10it/meterpeter

Identify past, current, and possible future locations through the geolocation and chronolocation of media provided by a specific user.

Hi guys! My name is Ali Tütüncü and I am a security researcher. When I started to bug bounty, I said “I will find a vulnerability on…

Website of Ezequiel Pereira, Uruguayan security enthusiast and student.

How to find vulnerabilities where no one has looked for them yet?

Modern Memory Safety in C/C++. Contribute to struct/mms development by creating an account on GitHub.

https://t.co/dIcl2ddG9g is not only site you should check for leaks, here are some others: https://t.co/W24EggMRIl https://t.co/zXSBshpLms https://t.co/heiv3YRMLe #bugbounty #bugbountytips

TL;DR