iamsushi

@sushiwushi2

I tweet strange things and find bugs

Joined: December 2018

Tweets


  1. Pinned Tweet
    14 Jan

    CSP bypass for googleapis[.]com/customsearch/

  2. Retweeted
    2 Feb

    WooT! There is always a way. New short write up! Chain the bugs till you get what you want. Some steps were not mentioned. RT, Like and Comments are appreciated. For any pentest work DM me:) 🎉🎉

  3. Retweeted
    2 Feb

    Fun fact: That job screening company that scans Twitter accounts for bad words has developers that commit plaintext passwords on GitHub. ... Maybe they're scanning the wrong website.

  4. Retweeted
    31 Jan

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

  5. Retweeted
    29 Jan

    ffuf 1.0 released! phew, this is a big one. Feature highlights in this thread Huge thanks for all the contributors, and special thanks to for pulling off a feature bounty and for fulfilling it in a record time (and contributing said bounty to charity).

  6. Retweeted
    28 Jan
    Replying to

    Tried to save an ID once, that didn't exist, with value 99999999999. MySQL could only store the highest integer value of 2147483647. It inserted the new model with the highest possible primary key. Locked the table for further insertions. Brought down the whole backend for new registrations.

  7. Retweeted
    28 Jan

    Hacker tip: when you’re looking for IDORs in a model that references another model, try storing IDs that don’t exist yet. I’ve seen a number of times now that, because the model can’t be found, the system will save the ID. (1/2)

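    The failure mode in tweets 6 and 7 above (an unchecked reference ID clamped into a signed INT primary key, which then exhausts AUTO_INCREMENT) can be reproduced and then closed off on the database side. The MySQL script below is an added example constructed for this page, not code from either tweet's author; table and column names are made up, and the weak variant deliberately switches off strict mode, which MySQL 5.7+ enables by default.

```sql
-- Constructed example: weak schema first, hardened schema second.
-- Session 1: non-strict mode, no foreign key (the failure mode in the tweets)
SET SESSION sql_mode = '';
CREATE TABLE uploads_weak (
  id    INT AUTO_INCREMENT PRIMARY KEY,   -- signed INT, ceiling 2147483647
  owner INT NOT NULL                      -- "references" users, but unenforced
) ENGINE=InnoDB;
-- Out-of-range value is clamped to 2147483647 with only a warning, not an error
INSERT INTO uploads_weak (id, owner) VALUES (99999999999, 42);
SHOW WARNINGS;                            -- 1264 Out of range value for column 'id'
-- AUTO_INCREMENT now sits at its ceiling; every later insert collides with that row:
INSERT INTO uploads_weak (owner) VALUES (42);
-- ERROR 1062: Duplicate entry '2147483647' for key 'PRIMARY'

-- Session 2: hardened (strict mode, wider key, enforced reference)
SET SESSION sql_mode = 'STRICT_ALL_TABLES';
CREATE TABLE users (
  id BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY
) ENGINE=InnoDB;
CREATE TABLE uploads (
  id    BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  owner BIGINT UNSIGNED NOT NULL,
  CONSTRAINT fk_uploads_owner FOREIGN KEY (owner) REFERENCES users (id)
) ENGINE=InnoDB;
INSERT INTO users (id) VALUES (1);
-- A reference to a user that does not exist is refused, nothing is stored:
INSERT INTO uploads (owner) VALUES (99999999999);
-- ERROR 1452: Cannot add or update a child row: a foreign key constraint fails
-- An out-of-range primary key is refused instead of clamped:
INSERT INTO uploads (id, owner) VALUES (99999999999999999999999, 1);
-- ERROR 1264: Out of range value for column 'id'
-- Only a valid reference succeeds, and AUTO_INCREMENT keeps working:
INSERT INTO uploads (owner) VALUES (1);
```

    The application-level check (does the referenced row exist?) is still worth keeping, but the foreign key is what guarantees a non-existent ID cannot be saved however the request was crafted.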
  9. Retweeted
    27 Jan

    Quick question: Is it "for fucks sake" or "for fuck sake" ? It's for a work email so has to sound professional.

  10. Retweeted
    27 Jan
    Replying to

    Always threw me for ages before I realised that '[' is just a program (technically usually a built-in, but whatever) that requires its last argument to be ']' 😆

  11. Retweeted
    22 Jan
    Replying to

    Not really to scare off, but I once had a SQLi attempt automatically redirect to a cybersecurity engineer job offer at that company. Pretty clever!

  12. Retweeted
    22 Jan

    What is the best way to scare off black hat hackers? 🎩😱

  13. Retweeted
    20 Jan

    Time for a new tip! When I sign up to a website/newsletter/reset password, I look at the website which hosts the logo/image in the email I receive. This led me multiple times to insecure AWS S3 buckets and scope expansion.

  14. Retweeted
    19 Jan

    CVE-2020-0674: Microsoft Internet Explorer 0day - Scripting Engine Memory Corruption Vulnerability being exploited in the wild

  15. Retweeted
    19 Jan

    Popped calc in Chrome. This isn’t a 0day. I added a relative (oob) rw bug and an info leak to the latest version. I also disabled the sandbox to demonstrate arbitrary code execution. It’s a good playground for developing exploitation techniques.

  16. Retweeted
    20 Jan

    Exploiting SQL Injection in Android's Download Provider (CVE-2019-2198). Blind SQL injection in Android's Download Provider will retrieve user cookies of the downloaded file's website (e.g. Gmail). Patched in the November 2019 Android Security Bulletin. PoC + info:

  17. Retweeted
    18 Jan

    To generate traffic, embed "CVE-2020-0601", "Exploit" and/or "PoC" keywords anywhere. Thank you

  18. Retweeted
    17 Jan

    ZAP 2.9.0 is now available from For full details see the release notes: Thank you to everyone who has contributed to this release.

  19. Retweeted
    17 Jan

    blocked me, because a program member closed my report as Low severity (OAuth token leak) and I said that this program member is a liar... I asked them to look at this report again, but no response was given. But for "liars" they react very fast. Ok, no problem.

  21. Retweeted
    10 Dec 2019

    Chrome RCE to Windows privilege escalation. First, Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium. Then, Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium (Windows 7).
