$!|3nt_4unt3r retweeted
When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.
#bugbountytip #bugbountytip #bugbounty
$!|3nt_4unt3r retweeted
This month I learnt how to analyse the JavaScript of a React Native application while bounty hunting. I wanted to share what I found out with everyone else. https://blog.assetnote.io/bug-bounty/2020/02/01/expanding-attack-surface-react-native/
$!|3nt_4unt3r retweeted
-API TIP:28/31- Pentest for .NET apps? Found a param containing file path/name? Developers sometimes use "Path.Combine(path_1,path_2)" to create full path. Path.Combine has weird behavior: if param#2 is absolute path, then param#1 is ignored. - Leverage it to control the path -
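As an added example (not code from the tweet), the same pitfall and a containment check written in Python: os.path.join also discards its first argument when the second is absolute, mirroring the Path.Combine behaviour described above. The base directory and function names are hypothetical.

```python
"""Containment check for a user-supplied file path.

Added example, not from the tweet: the tip concerns .NET Path.Combine, which
discards its first argument when the second is absolute. Python's os.path.join
behaves the same way, so the pitfall and the fix are shown in Python; the base
directory and function names are hypothetical.
"""
import os

UPLOAD_ROOT = "/srv/uploads"  # hypothetical base directory


class PathEscape(ValueError):
    """Raised when the combined path resolves outside the base directory."""


def naive_join(base, user_path):
    """Mirrors Path.Combine(path_1, path_2): an absolute user_path replaces base."""
    return os.path.join(base, user_path)


def safe_join(base, user_path):
    """Combine, resolve, then require the result to stay under base.

    Checking the resolved result rather than the input also catches '..'
    traversal and, through realpath, symlinks that point outside base.
    """
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, target]) != base_real:
        raise PathEscape(f"{user_path!r} resolves to {target}, outside {base}")
    return target


def is_contained(base, user_path):
    """Boolean form of safe_join for callers that only want a verdict."""
    try:
        safe_join(base, user_path)
    except PathEscape:
        return False
    return True
```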
$!|3nt_4unt3r retweeted
-API TIP:26/31- Looking for BOLA (IDOR) in APIs? got 401/403 errors? AuthZ bypass tricks: * Wrap ID with an array {“id”:111} --> {“id”:[111]} * JSON wrap {“id”:111} --> {“id”:{“id”:111}} * Send ID twice URL?id=<LEGIT>&id=<VICTIM> * Send wildcard {"user_id":"*"}
#bugbountytips
$!|3nt_4unt3r retweeted
GGvulnz — How I hacked hundreds of companies through Google Groups -- by @0xmilan https://medium.com/@milanmagyar/ggvulnz-how-i-hacked-hundreds-of-companies-through-google-groups-b69c658c8924
$!|3nt_4unt3r retweeted
Learn more about Export Injection: https://medium.com/@inonst/export-injection-2eebc4f17117
$!|3nt_4unt3r retweeted
-API TIP:23/31- Found a way to download arbitrary files from a web server? Shift the test from black-box to white-box. Download the source code of the app (DLL files: use IL-spy; Compiled Java - use Luyten) Read the code and find new issues!
#bugbountytips #bugbounty
$!|3nt_4unt3r retweeted
Heads up: we are working on a solution for http://cohesion.sh to automatically identify leaks during the spidering and passive phases. Watch this space.
$!|3nt_4unt3r retweeted
@prateek_0490 would like to thank you for sharing your passive recon techniques; found a database of an organization uploaded in public PDF form. Thanks again. Dork: site:http://scribd.com intext:companyname
$!|3nt_4unt3r retweeted
I'm excited to share my post about discovering & exploiting multiple critical vulnerabilities in Cisco's DCNM. Busting Cisco's Beans :: Hardcoding Your Way to Hell https://srcincite.io/blog/2020/01/14/busting-ciscos-beans-hardcoding-your-way-to-hell.html PoC exploit code: https://srcincite.io/pocs/cve-2019-15975.py.txt https://srcincite.io/pocs/cve-2019-15976.py.txt https://srcincite.io/pocs/cve-2019-15977.py.txt
$!|3nt_4unt3r retweeted
-API TIP: 13/31- Use Mass Assignment to bypass security mechanisms. E.g., "enter password" mechanism: - `POST /api/rest_pass` requires old password. - `PUT /api/update_user` is vulnerable to MA == can be used to update pass without sending the old one (For CSRF)
#bugbountytips
$!|3nt_4unt3r retweeted
Just posted Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2. Using a payload containing three different programming languages :) https://spaceraccoon.dev/remote-code-execution-in-three-acts-chaining-exposed-actuators-and-h2-database…
$!|3nt_4unt3r retweeted
-API TIP : 12/31- Testing for BOLA (IDOR)? Even if the ID is GUID or non-numeric, try to send a numeric value. For example: "/?user_id=111" instead of "user_id=inon@traceable.ai" Sometimes the AuthZ mechanism supports both and it's easier to brute force numbers.
#bugbountytips
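An added example (not code from the tweets) that closes off the ID shapes probed in API tips 26/31 and 12/31 above: a server-side validator that accepts exactly one canonical UUID and rejects array-wrapped, object-wrapped, duplicated, wildcard and numeric identifiers, labelling each rejection for the detection log. The UUID identifier format, field names and function names are assumptions.

```python
"""Strict identifier validation for an API whose user IDs are UUIDs.

Added example, not from the tweets: rejects the ID shapes probed by the BOLA
tips (array wrap, object wrap, duplicated parameter, wildcard, numeric ID in
place of a GUID). The UUID format, field and function names are assumptions.
"""
import json
import uuid
from urllib.parse import parse_qs

class InvalidId(ValueError):
    """Raised for any identifier that is not exactly one canonical UUID."""

def classify(value):
    """Label a rejected value for the detection log (hypothetical taxonomy)."""
    if isinstance(value, list):
        return "array-wrap"
    if isinstance(value, dict):
        return "object-wrap"
    if value == "*":
        return "wildcard"
    if isinstance(value, int) or (isinstance(value, str) and value.isdigit()):
        return "numeric-fallback"
    return "malformed"

def parse_id(value):
    """Accept one lowercase canonical UUID string; every other shape fails."""
    if not isinstance(value, str):
        raise InvalidId(classify(value))
    try:
        canonical = str(uuid.UUID(value))
    except ValueError:
        raise InvalidId(classify(value)) from None
    if canonical != value:  # uppercase, braces or dash-less forms are refused
        raise InvalidId("non-canonical")
    return canonical

def id_from_query(query_string, field="id"):
    """Require the parameter exactly once, so '?id=<mine>&id=<other>' fails."""
    values = parse_qs(query_string, keep_blank_values=True).get(field, [])
    if len(values) != 1:
        raise InvalidId(f"{field} given {len(values)} times")
    return parse_id(values[0])

def id_from_body(raw_json, field="id"):
    """Read the identifier from a JSON object body and validate its shape."""
    body = json.loads(raw_json)
    if not isinstance(body, dict) or field not in body:
        raise InvalidId(f"body must be an object carrying {field}")
    return parse_id(body[field])
```

The validated value is what the authorization layer should compare against the caller's own identity; the rejection label is what belongs in the request log, since repeated shape probes against one endpoint are a useful BOLA-hunting signal.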
$!|3nt_4unt3r retweeted
- API TIP: 11/31 - The API uses Authorization header? Forget about CSRF! If the authentication mechanism doesn't support cookies, the API is protected against CSRF by design.
#bugbountytips #infosec
$!|3nt_4unt3r retweeted
-API TIP: 10/31- Exploiting BFLA (Broken Function Level Authorization)? Leverage the predictable nature of REST to find admin API endpoints! E.g: you saw the following API call `GET /api/v1/users/<id>` Give it a chance and change to DELETE / POST to create/delete users.
$!|3nt_4unt3r retweeted
Yo hackers! I've built a small website that has some #XSS challenges.
http://xss.pwnfunction.com
The main challenge for the week is `WW3`
All upcoming challenges will be hosted there, so stay tuned :)
Would love to know what you guys think. Have fun!
$!|3nt_4unt3r retweeted
- API TIP: 9/31 - Pentest for APIs? Trying to find BOLA (IDOR) vulnerabilities? IDs in the HTTP bodies / headers tend to be more vulnerable than IDs in URLs. Try to focus on them first.
$!|3nt_4unt3r retweeted
New writing: Bypass SameSite Cookies Default to Lax and get CSRF. Looking at a new Chrome feature and the 2 minute quirk which makes it possible to bypass it, also the solution to my CSRF challenge.
#CSRF #SameSite https://medium.com/@renwa/bypass-samesite-cookies-default-to-lax-and-get-csrf-343ba09b9f2b