Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @yassergersy
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @yassergersy
-
Meet InnoGames’ Top Hackerhttps://www.hackerone.com/blog/meet-innogames-top-hacker …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
Since
@brutelogic wanted to share some WAF bypasses, I figured I'd share the one I recently used for Incapsula. <iframe/onload="var b = 'document.domain)'; var a = 'JaV' + 'ascRipt:al' + 'ert(' + b; this['src']=a">Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
CVE-2019-17556: Unsafe deserialization in Apache Olingo https://medium.com/bugbountywriteup/cve-2019-17556-unsafe-deserialization-in-apache-olingo-8ebb41b66817 …pic.twitter.com/lHuvGXPQ9D
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
#bugbountytip : Load response , extract all valid parameters names , submit all as get and post parameters , check which one is being reflected , you will increase your chances to get#xsspic.twitter.com/wEtN3fl4xTHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
Articles worth reading discovered last week:
https://about.gitlab.com/2019/08/14/american-fuzzy-lop-on-gitlab/ …
https://dttw.tech/posts/SJ40_7MNS
https://soroush.secproject.com/blog/2019/08/uploading-web-config-for-fun-and-profit-2/ …
http://addxorrol.blogspot.com/2019/08/rashomon-of-disclosure.html?m=1 …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
#OneLiner to get commoncrawl assets! curl -sL http://index.commoncrawl.org | grep 'href="/CC' | awk -F'"' '{print $2}' | xargs -n1 -I{} curl -sL http://index.commoncrawl.org {}-index?url=http://uber.com/ * | awk -F'"url":\ "' '{print $2}' | cut -d'"' -f1 | sort -u | tee domain.txtpic.twitter.com/vcvhClEMkD
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
Our new article. We cracked the IDA Pro password by predicting the PRNG!https://twitter.com/d3vc0r3/status/1142095208147853312 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
Short blog and POC code for CVE-2019-1040 (patched last Tuesday). Combining this vulnerability with the SpoolService bug and Kerberos delegation means: any AD user to Domain Admin; RCE on unpatched hosts; possible over Forest trusts. https://dirkjanm.io/exploiting-CVE-2019-1040-relay-vulnerabilities-for-rce-and-domain-admin/ … TL;DR: GO PATCH!
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
Interesting XSS I ran into today, Input where param=value is reflected in a JSON body within a script tag. If you send param=</script>, the application sanitizes the input. This can be bypassed with param["</script>"]=whatever.pic.twitter.com/Xa7levlcSs
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
Hardcoded consumer and secret key in an Android mobile application was fixed by AES/CBC encrypting it. However, the byte array generation function used to construct the decryption secret key was also hardcoded in the same java class
#bugbountystoriespic.twitter.com/U2Pe5pdyoB
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
I never thought I would experience a XSS on Google Search. But
@kinugawamasato blew my mind! This is a video going over the difficulties of sanitizing HTML in JavaScript. https://www.youtube.com/watch?v=lG7U3fuNw3A …pic.twitter.com/EwoM0GaW3o
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
Want to bypass WAF when exploiting CVE-2019-5418 ? curl -H 'Accept: ../../../../../../e*c/p*s*d{{' http://server/...
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I used to share links via Googleplus , you can take a look before it goes away https://plus.google.com/+YasserGersyCh2
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
XSS Hunter is now successfully migrated to a more scalable setup. The SQL server now has auto-expansion for disks and regular backups and automated maintenance. Additionally everything runs on more cost-appropriate servers to make the service cheaper to run.pic.twitter.com/YssnWB12ye
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
#Tip: Gorrila is doing this by design and some people do not read these notes allowing actions via GET resulting in dozens of csrf :D Consider this bypass by@zseano#BugBounty https://twitter.com/zseano/status/1080538613895565312 …Tweet je nedostupan.Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Exploiting post message to steal and replace user’s cookieshttps://link.medium.com/wGlQt9lXfS
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
How I discovered XSS that affects over 20 uber subdomains https://blog.fadyothman.com/how-i-discovered-xss-that-affects-over-20-uber-subdomains …
#BugBounty#BugBountyTipHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
Evading CSP with DOM-based dangling markuphttps://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
YasserGersy proslijedio/la je Tweet
New post! I stumbled across a serious browser security bug & I can finally talk about it. The post covers:
An exciting new logo.
Range requests.
"No-cors" requests.
Sneaking past origin security.
The importance of standards.https://jakearchibald.com/2018/i-discovered-a-browser-bug/ …Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
1500$ button click “Account Take over via Reset-Password” https://medium.com/@yassergersy/account-take-over-via-reset-password-function-83032cfd8275 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.