Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @ehpritesh
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @ehpritesh
-
Prikvačeni tweet
I just published my writeup about How an incident gave us $$$ bounty. If you have any query feel free to DM me.https://medium.com/@vpawar1147/how-an-incident-gave-us-bounty-982b432be6f1 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
CVE-2019-18426 From Persistent-XSS in Whatsapp to Reading from the File System on Mac/Windows with a potential for RCE Bounty: $12,500
#bugbounty https://www.perimeterx.com/tech-blog/2020/whatsapp-fs-read-vuln-disclosure/ …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Pritesh Mistry proslijedio/la je Tweet
When testing for SSRF using a black list, take internal IP addresses and when encoding them, dont encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For Instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018)
#bugbountytip#bugbountyPrikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.
#bugbountytip#bugbountytip#bugbountyHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
Got a new CVE
Title: phpList Authentication Bypass
CVE ID: CVE-2020-8547
Vulnerability Type: PHP type Juggling / Loose Comparisonpic.twitter.com/WItl6yENRoHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
This month I learnt how to analyse the JavaScript of a React Native application while bounty hunting. I wanted to share what I found out with everyone else.https://blog.assetnote.io/bug-bounty/2020/02/01/expanding-attack-surface-react-native/ …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
We just released the exploit for Remote Code Execution on Citrix Application Delivery Controller and Citrix Gateway (CVE-2019-19781)https://github.com/projectzeroindia/CVE-2019-19781 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Pritesh Mistry proslijedio/la je Tweet
Attention CTF players (and organizers, CTFd v2.0.0 - v2.2.2 has a serious vulnerability (CVE-2020-7245) in which an attacker could perform account takeover using a leading-trailing on the Registration form. It has been fixed in v2.2.3. https://github.com/CTFd/CTFd/releases/tag/2.2.3 … Make sure to update!
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
Akamai WAF Bypass, worked on a recent
#bugbounty program#xss <x onauxclick=a=alert,a(domain)>clickHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
Stream #4 is up on Youtube! These segments I call "Tool Time" and go through some new-ish bounty/appsec tradecraft + tools. Enjoy! https://youtu.be/00xVyT0k-_E pic.twitter.com/VqWt46zX3c
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
@ngalongc,@EdOverflow, and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover. https://blog.reconless.com/samesite-by-default/ …pic.twitter.com/5R23YmpksT
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
Here's a working POC for manually performing DNS Rebinding attack.
Some people asking me for this in DM.pic.twitter.com/CHtsNEe3ixHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
SpiderFoot 3.0 is now out! Major changes include: - Fully Python 3 - Target usernames - Run scans by CLI or web UI https://www.spiderfoot.net/spiderfoot-3-0-open-source-release/ … One minute DNS recon tutorial with the CLI: https://asciinema.org/a/295912
#OSINT#infosec#PentestingHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
There are some endpoints show JSON, but forget to set the header to “Content-type: application/json” and leave it as “Content-type: text/html” , and they show special chars , easy XSS ;)
#bugbountytip#bugbountytips#BugBountyHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
How a double-free bug in WhatsApp turns to RCE https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/ …pic.twitter.com/4xlPrtx0XF
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
Кто рано встаёт, тому Бог подаёт записать скоро )) Yes™pic.twitter.com/zxjn18pCNl
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
$40,000 Bugs Microsoft Edge (Chromium) - EoP via XSS to Potential RCE https://leucosite.com/Edge-Chromium-EoP-RCE … Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty https://samcurry.net/filling-in-the-blanks-exploiting-null-byte-buffer-overflow-for-a-40000-bounty …
#bugbounty,#bugbountytipsHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
Data extraction bug in Facebook. Sorry, no write-up for this one for the current time!
#BugBountypic.twitter.com/EX4tXLPH2J
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Pritesh Mistry proslijedio/la je Tweet
Facebook rewarded me with a bounty of $30000 for SSRF on prod server (Internal Access
).
#BugBounty#Facebookpic.twitter.com/ueQ8xTsB6y
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.