Tweets from @0xtina
Christina Oh retweeted
XSS filter bypass using stripped </p> tag to obfuscate. P2 Stored XSS $1500 on a private bug bounty program. XSS Payload: <</p>iframe src=javascript:alert()//
#xss #bugbountytip #bugbountytips #bugbounty #hacking @brutelogic pic.twitter.com/ltjUpiL4Cu
Christina Oh retweeted
That’s genius. I wonder how many ssrf I’ve given up on and could have made work with this...
https://twitter.com/thedawgyg/status/1224450254205927432
Christina Oh retweeted
Hey bug hunters! Want a look at some of the top vulnerabilities ever found on @Dropbox? They just released the last blog post I wrote before leaving. Enjoy! #bugbountytips https://blogs.dropbox.com/tech/2020/02/dropbox-bug-bounty-program-has-paid-out-over-1000000/
Christina Oh retweeted
If an application uses markdown, make sure to test it for xss. I used [Click here](javascript:alert(1)) to create a link via markdown and when the user clicks on Click here, the xss will get executed. Read this article. https://medium.com/taptuit/exploiting-xss-via-markdown-72a61e774bf8
#bugbounty #bugbountytips
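The markdown tip above turns on a link whose href carries a javascript: URL. As an added example (not code from the tweet's author or from the linked article), the following Python renders [label](url) links with an href scheme allowlist, so that same payload ends up as inert text rather than a clickable link. The ALLOWED_SCHEMES set, the tiny link regex and the sample inputs are assumptions made for this example, not any project's real renderer.

```python
import html
import re
from urllib.parse import urlsplit

# Schemes a rendered markdown link may use (assumed policy for this example).
# Anything else (javascript:, data:, vbscript:, ...) is rendered as plain text.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Browsers drop ASCII control characters and whitespace from a URL before they
# detect the scheme, so "java\tscript:" still runs. Strip them first so the
# check sees what the browser will see.
_CONTROL_WS = re.compile(r"[\x00-\x20\x7f]")

# Minimal [label](url) matcher; a real renderer would use its parser's AST.
_LINK = re.compile(r"\[([^\]]*)\]\(([^)\s]*)\)")


def safe_href(url: str):
    """Return the href to emit if the URL is safe, else None."""
    cleaned = _CONTROL_WS.sub("", url)
    parts = urlsplit(cleaned)
    if parts.scheme == "":
        # Relative URL (/docs, #anchor, ?q=1, //host/path): no scheme to abuse.
        return cleaned
    if parts.scheme.lower() in ALLOWED_SCHEMES:
        return cleaned
    return None


def render_markdown_links(text: str) -> str:
    """Render [label](url) links; everything is HTML-escaped and unsafe hrefs
    are kept as visible text instead of becoming an <a> element."""
    out = []
    pos = 0
    for m in _LINK.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        href = safe_href(m.group(2))
        if href is None:
            # Keep the author's text visible, but inert.
            out.append(html.escape(m.group(0)))
        else:
            out.append(
                f'<a href="{html.escape(href, quote=True)}" rel="noopener noreferrer">'
                f"{html.escape(m.group(1))}</a>"
            )
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs: the payload from the tweet beside an ordinary link.
    for sample in ["[Click here](javascript:alert(1))",
                   "See [docs](https://example.com/a?b=1&c=2) now"]:
        print(render_markdown_links(sample))
```

Protocol-relative URLs (//host/path) pass because they have no scheme; reject a leading "//" as well if links must stay on the site's own origin. The same check belongs on image sources and autolinks, which markdown parsers handle through separate code paths.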
Christina Oh retweeted
SQL Injection WAF bypass techniques
1. Nullbyte: %00' UNION SELECT password FROM Users WHERE username='tom'--
2. SQL Comments: '/**/UN/**/ION/**/SEL/**/ECT/**/password/**/FR/**/OM/**/Users/**/WHE/**/RE/**/username/**/LIKE/**/'tom'--
https://incogbyte.github.io/sqli_waf_bypass/
Christina Oh retweeted
sqlmap can fail! Know how to fingerprint manually with db-unique functions:
MySQL - database()
MsSQL - db_name()
SQLite - sqlite_version()
PostgreSQL - current_database()
The functions don't exist in other solutions, so if they work you know which one it is!
#bugbountytips
Christina Oh retweeted
Did you know that the address '<a@b.com>c@d.com' when given to SES will send an email to a@b.com? this could lead to interesting exploit scenarios with some email parsing libraries/code https://nathandavison.com/blog/exploiting-email-address-parsing-with-aws-ses
Christina Oh retweeted
If you're asking yourself "is this the first time an AV was targeted by someone to own someone", you need to check this Github repository by @buherator https://github.com/v-p-b/avpwn
Christina Oh retweeted
There are some endpoints that show JSON but forget to set the header to "Content-type: application/json" and leave it as "Content-type: text/html", and they show special chars, easy XSS ;)
#bugbountytip #bugbountytips #BugBounty
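The tip above is about JSON bodies sent with a text/html content type. As an added example (not from the tweet's author), this Python audits constructed sample responses for that misconfiguration and shows the hardened form beside it: an application/json Content-Type, X-Content-Type-Options: nosniff, and HTML-significant characters escaped inside JSON strings. The header convention, the sample bodies and the finding messages are assumptions made for the example.

```python
import json

# Hardened response headers for JSON endpoints (assumed convention for the example).
SAFE_JSON_HEADERS = {
    "Content-Type": "application/json; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
}


def looks_like_json(body: str) -> bool:
    """True when the body parses as a JSON object or array."""
    stripped = body.lstrip()
    if not stripped or stripped[0] not in "{[":
        return False
    try:
        json.loads(stripped)
    except ValueError:
        return False
    return True


def audit_response(headers: dict, body: str) -> list:
    """Return findings for a response carrying a JSON body; an empty list means it is fine."""
    lowered = {k.lower(): v for k, v in headers.items()}
    findings = []
    if not looks_like_json(body):
        return findings
    ctype = lowered.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/json":
        findings.append(f"JSON body served as {ctype or 'no Content-Type'}")
    if lowered.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    if ctype == "text/html" and ("<" in body or ">" in body):
        findings.append("unescaped angle brackets in a text/html body (reflected XSS risk)")
    return findings


def serve_json(obj) -> tuple:
    """Hardened form: correct headers, and <, >, & escaped inside JSON strings so the
    body stays harmless even if a browser ever renders it as HTML. The \\u escapes are
    valid JSON and decode back to the original characters."""
    body = json.dumps(obj)
    body = body.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")
    return dict(SAFE_JSON_HEADERS), body


def roundtrip(obj):
    """Decode a hardened body again to show nothing is lost by the escaping."""
    return json.loads(serve_json(obj)[1])


# Constructed sample responses for the audit (not captured from any real site).
SAMPLE_RESPONSES = {
    "leaky": ({"Content-Type": "text/html; charset=utf-8"}, '{"name": "<b>tom</b>"}'),
    "no_nosniff": ({"Content-Type": "application/json"}, '{"name": "tom"}'),
    "hardened": serve_json({"name": "<b>tom</b>"}),
}


def run_audit() -> dict:
    """Audit every sample response and return {name: findings}."""
    return {name: audit_response(h, b) for name, (h, b) in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(name, "->", findings or "ok")
```

The same audit can be pointed at a proxy's saved responses during a review: any endpoint where run_audit-style findings come back non-empty is worth fixing on the server rather than relying on browsers not to sniff.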
Christina Oh retweeted
Windows Kiosk breakout tip: If you get a Printing panel, and the traditional methods don't work:
Amongst the printers, select "SendTo OneNote"
OneNote will launch -> Add new notebook
On the Notebook -> New page
Type: \\127.0.0.1\c$\windows\system32\cmd.exe
Click the link
Christina Oh retweeted
Instant Admin Access!!
#Takeaways always check JS files and request responses. This tool by @jobertabma is pretty good in looking for endpoints https://github.com/jobertabma/relative-url-extractor
#BugBounty #bugbountytips #bugbountytip
Christina Oh retweeted
-API TIP:26/31- Looking for BOLA (IDOR) in APIs? got 401/403 errors? AuthZ bypass tricks:
* Wrap ID with an array {"id":111} --> {"id":[111]}
* JSON wrap {"id":111} --> {"id":{"id":111}}
* Send ID twice URL?id=<LEGIT>&id=<VICTIM>
* Send wildcard {"user_id":"*"}
#bugbountytips
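Every trick in the API tip above relies on the server coercing an unexpected id shape or picking one of two ids. As an added example (not from the tweet's author or the API tip series), this Python shows the server-side counterpart: strict id parsing that rejects arrays, nested objects, wildcards and duplicate parameters, followed by an object-level ownership check. The RECORDS table, the rejection messages and the request shapes are assumptions constructed for the example.

```python
import json
import re
from urllib.parse import parse_qs

# Constructed ownership table for the example: object id -> owner (not real data).
RECORDS = {111: "alice", 222: "bob"}

_DECIMAL = re.compile(r"^[0-9]+$")


class Rejected(Exception):
    """Raised for any request that does not carry exactly one well-formed, authorised id."""


def parse_object_id(value) -> int:
    """Accept exactly one integer id. Lists, objects, wildcards and non-decimal
    strings are rejected instead of being coerced or compared loosely."""
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        raise Rejected(f"id must be an integer, got {type(value).__name__}")
    if isinstance(value, str):
        if not _DECIMAL.match(value):
            raise Rejected("id must be a decimal integer")
        value = int(value)
    if value <= 0:
        raise Rejected("id must be positive")
    return value


def id_from_query(query_string: str) -> int:
    """?id=<LEGIT>&id=<VICTIM> is ambiguous: refuse it rather than pick one."""
    ids = parse_qs(query_string, keep_blank_values=True).get("id", [])
    if len(ids) != 1:
        raise Rejected(f"expected exactly one id parameter, got {len(ids)}")
    return parse_object_id(ids[0])


def id_from_json_body(raw_body: str) -> int:
    """Pull the id out of a JSON object body, applying the same strict parsing."""
    try:
        data = json.loads(raw_body)
    except ValueError:
        raise Rejected("body is not valid JSON")
    if not isinstance(data, dict) or "id" not in data:
        raise Rejected("missing id")
    return parse_object_id(data["id"])


def authorize(current_user: str, object_id: int) -> int:
    """Object-level check: the caller must own the record. Unknown and foreign
    ids get the same answer so the endpoint does not confirm which ids exist."""
    if RECORDS.get(object_id) != current_user:
        raise Rejected("not found")
    return object_id


def handle(current_user: str, query_string: str = "", raw_body=None) -> tuple:
    """Dispatch one request; returns ("ok", id) or ("rejected", reason)."""
    try:
        if raw_body is not None:
            object_id = id_from_json_body(raw_body)
        else:
            object_id = id_from_query(query_string)
        return ("ok", authorize(current_user, object_id))
    except Rejected as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    # Constructed requests mirroring the shapes listed in the tip.
    for args in [("alice", "id=111"), ("bob", "id=111"), ("alice", "id=111&id=222")]:
        print(args, "->", handle(*args))
    for body in ['{"id":[111]}', '{"id":{"id":111}}', '{"id":"*"}', '{"id":111}']:
        print(body, "->", handle("alice", raw_body=body))
```

The point of parse_object_id is that the type check happens before any database lookup: an ORM that accepts a list or dict as a filter value, or a query layer that treats "*" as a wildcard, never sees anything but a positive integer.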
Christina Oh retweeted
THC RELEASE: Our favourite Tips, Tricks & Hacks. Help us and add your favourite tricks to the CHEAT SHEET: https://tiny.cc/thctricks
Christina Oh retweeted
Here are my (updated) slides from @AppSecCali for my talk "Owning The Cloud Through SSRF & PDF Generators" with Chris Holt from @TheParanoids. Big thank you to @daeken, @bbuerhaus, @infosec_au, @orange_8361, @Alyssa_Herrera_, and @hacker_! https://docs.google.com/presentation/d/1vMbvg05euZdq1wDxtR04EvC6iBiyIbcFeRAHWr1McdA/edit#slide=id.g6f82de3c45_0_9 pic.twitter.com/q3UwhtzfbE
Christina Oh retweeted
If you find 403 Forbidden while testing, try the X-Original-URL and X-Rewrite-URL headers to bypass restrictions
#Collected pic.twitter.com/CA3ZYhRy0A
Christina Oh retweeted
Here is my GitHub with many scripts useful for red teamers - Enjoy! https://github.com/BankSecurity/Red_Team
#redteam
Christina Oh retweeted
CVE-2019-12415: XML processing vulnerability in Apache POI https://pentestmag.com/cve-2019-12415-xml-processing-vulnerability-in-apache-poi/
#pentest #magazine #pentestmag #pentestblog #PTblog #CVE #XML #vulnerability #Apache #POI #cybersecurity #infosecurity #infosec
Christina Oh retweeted
RDP to RCE: When Fragmentation Goes Wrong AKA: What we know about CVE-2020-0609 and CVE-2020-0610. https://www.kryptoslogic.com/blog/2020/01/rdp-to-rce-when-fragmentation-goes-wrong/