Pinned tweet
Finally, my first post, "A TALE OF AN APPLICATION WIDE CSRF VULNERABILITY". Hope you guys will like it. :)
#bugbounty #pentest #sharingiscaring https://luffydragneel.blogspot.com/2019/02/a-tale-of-application-wide-csrf.html …
-
luffydragneel retweeted
New blog post: Simple Remote Code Execution Vulnerability Examples for Beginners https://link.medium.com/qEZHJHzNP3
-
luffydragneel retweeted
If Microsoft Teams is down for you... Remember it's Office *365* and there are 366 days in 2020.
-
luffydragneel retweeted
Time for another #BugBountyTip: While testing file upload forms on IIS7 servers, you can get RCE by uploading ".cer" files if ".asp" extension is blacklisted. This already led me to multiple RCEs in #bugbounty and #pentest projects. #bugbountytips RT if you love! More coming
-
luffydragneel retweeted
When testing for SSRF using a black list, take internal IP addresses and when encoding them, don't encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018)
#bugbountytip #bugbounty
-
luffydragneel retweeted
WooT! There is always a way. New #bugbounty #pentest short write up! Chain the bugs till you get what you want. #bugbountytip #bugbountytips #hacking Some steps were not mentioned. RT, Like and Comments are appreciated. For any pentest work DM me :)
pic.twitter.com/nlAv4pMPhx
-
luffydragneel retweeted
Love it! Thanks!
-
luffydragneel retweeted
This ‘No honking’ ad by Mumbai Police is pure gold
@MumbaiPolice Honk only if you are ready to wait
#HonkResponsibly #NoHonking pic.twitter.com/DeKC4hjp7u
-
Awesome sheet. Thanks for sharing.
https://twitter.com/SamuelAnttila/status/1223671857590652928 …
-
Request has a 64 chars long csrf token in the header and same in the cookie. I can use any random string of 64 chars but they should have same value in both places. Any ideas how I can possibly exploit this csrf for another user?
#bugbounty #TogetherWeHitHarder
-
luffydragneel retweeted
NEW BLOG POST ON RECON ON SHODAN PUBLISHED BY ME DO TAKE A READ AND SHARE
https://medium.com/@malavsharma/magic-of-shodan-15dd17854099 …
-
The Complete Guide to CORS (In) Security by @TwiceDi. Do give it a read because it's very well written.
https://www.bedefended.com/papers/cors-security-guide …
#bugbounty #bugbountytips
-
If an application uses markdown, make sure to test it for xss. I used [Click here](javascript:alert(1)), to create a link via markdown and when the user clicks on Click here, the xss will get executed. Read this article. https://medium.com/taptuit/exploiting-xss-via-markdown-72a61e774bf8 …
#bugbounty #bugbountytips
-
I earned 2x$350 for my 2 submissions on @bugcrowd https://bugcrowd.com/luffydragneel . Both were stored XSS with a simple payload "><img src=x onerror=alert(1)>. #ItTakesACrowd #bugbounty
-
luffydragneel retweeted
First blog post: Unauthorized Google Maps API Key Usage Cases, and Why You Need to Care https://link.medium.com/gOzO3Gy9o3
-
luffydragneel retweeted
Hello hunters! Last year I published my recon map, this year I share with you my #bugbounty checklist! Feel free to ask questions and make comments to improve it! And hope you enjoy ;) https://bit.ly/2RBvEVq #bugbountytips #togetherwehitharder pic.twitter.com/1LPF8qf7y0
-
luffydragneel retweeted
Time for a new #bugbounty tip! When I sign up to a website/newsletter/reset password, I look at the website which hosts the logo/image in the email I receive. This led me multiple times to insecure AWS S3 buckets and scope expansion. #bugbountytip #bugbountytips #infosec #hacking

