#Beacon
https://github.com/joaomatosf/jexboss
YouTube
Vulnerability Facebook { JBoss jmx console deserialization Bug Bounty }
Full details
While I was browsing Facebook, I noticed that the page used JBoss, so I decided to check whether there were any flaws or exposed services, and that's when I found some interesting things, such as…
Forwarded from beacon private!
Bug Bounty Hunting Search Engine
Bug Bounty Writeups 2010-2022
Pentest Book
Hacking Articles
HackTricks
0xdf hack stuff [HTB]
Discord Resources - Search Engine
Aldeid: Penetration Testing
iRedTeam - RedTeam Experiments
InfoSecMatter Practical CyberSecurity
Bugbountyhunting
BugBountyHunting.com - A community-curated Resource for Bug Bounty Hunting
BugBountyHunting.com collects writeups, resources and content related to bug bounty hunting to help you access them quickly.
Its goal is to help beginners starting out in web application security learn more about bug bounty hunting.
Forwarded from PT SWARM
Account hijacking using "dirty dancing" in sign-in OAuth-flows
👤 by Frans Rosén
Combining response-type switching, invalid state and redirect-uri quirks in OAuth with third-party JavaScript inclusions creates multiple vulnerable scenarios in which authorization codes or tokens can leak to an attacker. This could be used for single-click account takeovers. Frans Rosén, Security Advisor at Detectify, goes through three different scenarios found in the wild below and also suggests ways to reduce the risk.
📝 Contents:
• Background
• Current state and assumptions about OAuth credential leakage
• Explanation of different OAuth-dances
• Response modes
• A theory: stealing tokens through postMessage
• It took a lot of time to get here
• Non-happy paths in the OAuth-dance
• Break state intentionally
• Response-type/Response-mode switching
• Redirect-uri case shifting
• Redirect-uri path appending
• Redirect-uri parameter appending
• Redirect-uri leftovers or misconfigurations
• I ended up on a non-happy path. Now what?
• Here be more time
• URL-leaking gadgets
• Other ideas for leaking URLs
• A page on a domain that routes any postMessage to its opener
• Conclusion
• How can we fix this?
• How to reduce the risk
https://labs.detectify.com/2022/07/06/account-hijacking-using-dirty-dancing-in-sign-in-oauth-flows/
Forwarded from SHADOW:Group
🪙 The blockchain network is secure! But the applications and their integrations are not
The blockchain network itself is indeed hard to attack, since blockchain provides a secured network for building decentralized applications; however, the application's architecture, source code, workflow, logic and configuration are always exposed to attack.
Read the article
#web3
Telegraph
The blockchain network is secure! But the applications and their integrations are not
Original in English here. Overview: during a security assessment of a blockchain-based web application, it was noticed that some functions were vulnerable to unauthenticated ETH transfers from the administrator's wallet to an attacker's wallet. The web application was…
Forwarded from The Bug Bounty Hunter
Groovy Template Engine Exploitation – Notes from a real case scenario https://security.humanativaspa.it/groovy-template-engine-exploitation-notes-from-a-real-case-scenario/
hn security
Groovy Template Engine Exploitation - Notes from a real case scenario - hn security
Java web applications are far from […]
Caching the Un-cacheables - Abusing URL Parser Confusions (Web Cache Poisoning Technique)
https://nokline.github.io/bugbounty/2022/09/02/Glassdoor-Cache-Poisoning.html