Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
Blokirali ste korisnika/cu @Mus_t4r
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @Mus_t4r
-
Masterr proslijedio/la je Tweet
XSS filter bypass using stripped </p> tag to obfuscate. P2 Stored XSS $1500 on a private bug bounty program. XSS Payload: <</p>iframe src=javascript:alert()//
#xss#bugbountytip#bugbountytips#bugbounty#hacking@brutelogicpic.twitter.com/ltjUpiL4Cu
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.
#bugbountytip#bugbountytip#bugbountyHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
Some
#bugbounty hunters made over €50.000 in bug bounties with this simple trick.
Thanks for the #BugBountyTip,@rez0__!pic.twitter.com/z9sPFJTNqV
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
One more: Find a subdomain such as <grafana>.corp.company.com which points to a external IP example however only accessible inside VPN and such SSRF could be leveraged in that way. You can often find such hosts over SSL. Have exploited such in pasts. Might even be a
#bugbountytip https://twitter.com/jobertabma/status/1222264580329488385 …pic.twitter.com/BVA99w6ios
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
Hacker tip: when you’re looking for IDORs in a model that references another model, try storing IDs that don’t exists yet. I’ve seen a number of times now that, because the model can’t be found, the system will save the ID. (1/2)
#TogetherWeHitHarderPrikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
Did you know that the address '<a@b.com>c@d.com' when given to SES will send an email to a@b.com? this could lead to interesting exploit scenarios with some email parsing libraries/code https://nathandavison.com/blog/exploiting-email-address-parsing-with-aws-ses …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
2nd critical of this week.
#BugBountyTip Abuse ouath Sign-up flow: 1) Use phone number instead email in 3rd party to sign-up. 2) Link victim's email to your 3rd party account while singnup on target. 3) Login to vicitim's account using your 3rd party account.pic.twitter.com/4yrK5KXa4v
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
"ondragend" event seems to bypass certain WAFs <p ondragend=[1].map(prompt) draggable="true">dragMe</p> cc
@brutelogicpic.twitter.com/l6rwW18NWc
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
#BugBountyTip time: when you see a POST request made with JSON, convert this to XML and test for XXE. You can use "Content-type converter" extension on@Burp_Suite to do achieve this!#bugbountytips#infosec#hacking#pentest#pentesting#bugbounty RT and Follow, book coming!Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
Being an introvert isn't a flaw, it's a gift and real strength.pic.twitter.com/Utf0fJFvWb
BBC Ideas
The quiet power of introvertsHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
So you believe UUID's are a sufficient protection against IDOR's? Think again!
Thanks for the #BugBountyTip,@securintipic.twitter.com/zx5Xn7iDrE
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
If you had to teach cybersecurity classes in college, what would you recommend teaching to freshman? How would you teach it? What projects would you assign to students? I’m curious
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
<Thread> Few days ago, I captured more than 600K tweets on trendy topics on the Indian Twitter. I was looking at this graph yesterday night and asked myself: How can I found spammy Twitter accounts in this dataset? 1/pic.twitter.com/3bZXz198mX
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
Ketika mahasiswa semester akhir disibukkan dengan skripsi, kadang mereka sampai lupa menyiapkan hal yg gak kalah penting buat bekal persiapan karir mereka. Menguasai skill MS Excel, misalnya. Ada beberapa website yg bs jd media Anda belajar otodidak, gaes. Selamat mencoba
pic.twitter.com/v7a6EKPh62
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
I just released some of my PoCs! IDOR: https://youtu.be/3hJaxmiSzO4 Stored XSS: https://youtu.be/pwLG7tAGO08 Stored XSS: https://youtu.be/fnW0w2VYT2I RXSS: https://youtu.be/IC43MzAkC7E RXSS: https://youtu.be/DZxMB_KOoMk RXSS: https://youtu.be/L5isQP28o3M RXSS: https://youtu.be/CaoAh2CXyr0
#GeneralEG#BugBountyHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
While pentesting webapps, whenever you notice a redirect, check what caused it. If it's a client side redirect (caused by JavaScript), try redirecting to javascript:alert(), now you have XSS!
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
If example[.]com points to IP 1.2.3.4 and redirect to www[.]example[.]com but www[.]example[.]com doesn't point to anything (No A, AAAA, CNAME), try submitting your HTTP request to http://1.2.3.4/ with a "HOST: www[.]example[.]com" header.
#bugbountytip#bugbountytipsPrikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
Just posted Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2. Using a payload containing three different programming languages :)https://spaceraccoon.dev/remote-code-execution-in-three-acts-chaining-exposed-actuators-and-h2-database …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage: https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Masterr proslijedio/la je Tweet
If anyone interested in modifying an Android app (.apk) and recompiling it again, check out my write up about a CTF style challenge I solved recently:https://medium.com/@sebnemK/reverse-engineering-and-modifying-an-android-game-apk-ctf-c617151b874c?source=friends_link&sk=7ec84eabeea4158fc8d04032d99c010a …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.