Score: 8
Submitted by: phosphore
Vulnerability class:
Stored Cross Site Scripting
Description:
A stored XSS found on Google Scholar leveraging polymorphic images
Link to writeup:
https://blog.doyensec.com/2020/04/30/polymorphic-images-for-xss.html

Score: 5
Submitted by: securityteacher
Vulnerability class:
Firewall Bypass
Title:
Unleashed Firmware Flipper
Description:
Unleashed firmware Flipper Zero

Score: 5
Submitted by: quas
Vulnerability class:
XXE
Description:
On a recent bug bounty adventure, I came across an XML endpoint that responded interestingly to attempted XXE exploitation.

Score: 4
Submitted by: Eduardo nuri
Vulnerability class:
Account Takeover
Description:
Get the inside scoop on the NFT marketplace exploit that could have stolen your digital assets with just one click.

Score: 3
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Description:
Attackers can bypass the upload restriction on upload.twitter.com to cause XSS on ton.twitter.com and cache poisoning.
Link to writeup:
https://hackerone.com/reports/84601

Score: 2
Submitted by: Hacklad
Vulnerability class:
Stored Cross Site Scripting
Description:
I found a stored XSS bug that could allow an attacker to steal user email conversations and contacts in the mail.ru and myMail iOS applications (version 12.2.1).

Score: 2
Submitted by: Hacklad
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Description:
Second-order SQL injection arises when user-supplied data is stored by the application and later incorporated into SQL queries in an unsafe way.

Score: 2
Submitted by: stefano
Vulnerability class:
Remote Code Execution (RCE)
Link to writeup:
http://artsploit.blogspot.com/2016/08/pprce2.html

Score: 2
Submitted by: quas
Vulnerability class:
Information Disclosure
Description:
An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked.

Score: 2
Submitted by: quas
Vulnerability class:
Information Disclosure
Description:
Two different cases of how I was able to exploit a CORS misconfiguration: the first case is based on an XSS and requires thinking outside of the scope, and the second is based on an advanced CORS exploitation technique.

Score: 2
Submitted by: quas
Vulnerability class:
Stored Cross Site Scripting
Description:
In mid-2018, I found a stored XSS on Twitter in the least likely place you could think of. Yes, right in the tweet! But what makes this XSS so special is that it had the potential to be turned into a fully-fledged XSS worm.
Link to writeup:
https://www.virtuesecurity.com/tale-of-a-wormable-twitter-xss/

Score: 2
Submitted by: quas
Vulnerability class:
XXE
Description:
In this vlog I'll walk you through a blind XXE OOB over DNS bug on a super hardened target and teach you how to exploit it.
Link to writeup:
https://www.youtube.com/watch?v=f3SXDBMGGb8

Score: 1
Submitted by: quas
Vulnerability class:
Authentication Bypass
Description:
Exploiting an Authentication Bypass vulnerability in CodeIgniter with a tricky technique.

Score: 1
Submitted by: helich0pper
Vulnerability class:
Pivoting
Description:
Access devices on the internal network after gaining shell access to an environment with constraints such as low storage/memory (e.g. a Linux-based microcontroller or a router).
Link to writeup:
https://helich0pper.github.io/router_rce/

Score: 1
Submitted by: lukeberner
Vulnerability class:
Information Disclosure
Description:
Cloning internal Google repositories to find sensitive information

Score: 1
Submitted by: Jitendra chandel
Vulnerability class:
Client Side Request Forgery
Title:
Account Takeover via CSRF
Description:
There is no protection against CSRF when changing the email, which leads to account takeover via CSRF.
Link to writeup:
https://bugreader.com/_imjitendra_@account-takeover-via-csrf-260

Score: 1
Submitted by: Hacklad
Vulnerability class:
Authorization Bypass
Title:
SAML AUTH BYPASS
Description:
When using SAML authentication, responses are not checked properly. This allows an attacker to inject/modify any assertions in the SAML response and thus, for example, authenticate as administrator.
Link to writeup:
https://hackerone.com/reports/812064

Score: 1
Submitted by: securityteacher
Vulnerability class:
Remote Code Execution (RCE)
Title:
CSV Injection
Description:
Run Commands On Company Machines

Score: 1
Submitted by: maxsam4
Vulnerability class:
Denial of Service (DoS)
Description:
A bug in Substrate's FRAME runtime allowed anyone to store infinitely large data on the blockchain for free. It affected Substrate chains including Polkadot, Kusama, and Polymesh.
Link to writeup:
https://mudit.blog/free-blockchain-storage-bug-substrate/

Score: 1
Submitted by: stefano
Vulnerability class:
Insecure Direct Object Reference (IDOR)

Score: 1
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Description:
As many of you reading this probably already know, in mid April, a good friend of mine (@Daley) and I located a Remote Code Execution vulnerability in EA’s Origin client (CVE-2019-11354). Today I’m going to go in depth on how we discovered this vulnerability, along with a couple others we needed to chain along the way ;pp
Link to writeup:
https://zeropwn.github.io/2019-05-13-xss-to-rce/

Score: 1
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Description:
This is a quick write-up for a WAF bypass on a private BBP, so I will keep the name of the program hidden.

Score: 1
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Description:
A few years ago I discovered a technique to call functions in JavaScript without parentheses using onerror and the throw statement. It works by setting the onerror handler to the function you want to call, and the throw statement is used to pass the argument to the function.
Link to writeup:
https://portswigger.net/blog/xss-without-parentheses-and-semi-colons

Score: 1
Submitted by: quas
Vulnerability class:
Recon
Title:
Awesome Asset Discovery
Description:
Through this repository, we want to put out a list of curated resources which help during the asset discovery phase of a security assessment engagement.
Link to writeup:
https://github.com/redhuntlabs/Awesome-Asset-Discovery

Score: 1
Submitted by: quas
Vulnerability class:
Blind Server Side Request Forgery (Blind SSRF)
Description:
Before we do pentesting, we should know our target using any third-party service.

Score: 1
Submitted by: quas
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Title:
Facebook IDOR bug in GraphQL
Description:
The vulnerability type "IDOR" allows any potential attacker to change the account settings of another user.
Link to writeup:
https://www.youtube.com/watch?v=lY_5FHhRVko&feature=youtu.be

Score: 1
Submitted by: quas
Vulnerability class:
XXE
Description:
This little technique can force your blind XXE to output anything you want!
Link to writeup:
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/

Score: 1
Submitted by: quas
Vulnerability class:
Recon
Title:
Github OSINT
Description:
When performing your initial recon on an organization, don't forget about GitHub. GitHub is used by developers to maintain and share their code; most of the time they end up sharing much more, though.
Link to writeup:
https://medium.com/@ghostlulzhacks/github-osint-1e8a96f9fdb8

Score: 1
Submitted by: quas
Vulnerability class:
Denial of Service (DoS)
Description:
While observing the headers and response of the first request, which was a simple GET request to the homepage WWW.EXAMPLE.COM, it came to my mind: why not check for hidden GET parameters?

Score: 1
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Description:
com.twitter.android.lite.TwitterLiteActivity is set to exported and doesn't validate data passed to the intent, due to which this activity is vulnerable to theft of users' local files, JavaScript injection and open redirect.
Link to writeup:
https://hackerone.com/reports/499348

Score: 1
Submitted by: quas
Vulnerability class:
Recon
Description:
Five things to test on the main app. And if you don't test for these, well, then you're missing out!
Link to writeup:
https://www.youtube.com/watch?v=aNQg9mg4WNI

Score: 1
Submitted by: quas
Vulnerability class:
Remote File Inclusion
Description:
Exploiting a Remote File Inclusion (RFI) vulnerability in PHP applications which are vulnerable to the "File Inclusion attack". We will bypass the remote URL inclusion restriction and exploit RFI even if the PHP environment is configured not to include files from remote HTTP/FTP URLs.

Score: 0
Submitted by: Liam
Vulnerability class:
Other
Description:
This article shows you how to perform recon on targets across different social media websites.

Score: 0
Submitted by: ife
Vulnerability class:
SQL Injection
Title:
bWAPP GET/Search
Description:
Using the buggy web application with Docker, you can exploit the URL by searching through the bWAPP database to find user information, including login and password!
Link to writeup:
http://www.itsecgames.com/

Score: 0
Submitted by: Santosh bobade
Vulnerability class:
DNS
Description:
Subdomain takeover at Harvard University: Subdomain takeover attacks are a class of security issues where an attacker is able to seize control of an organization’s subdomain via cloud services like AWS or Azure. … The potential for a subdomain takeover occurs when the webpage hosted at the cloud provider is deleted but the DNS entry is kept.

Score: 0
Submitted by: Santosh bobade
Vulnerability class:
DNS
Description:
Subdomain takeover at Harvard University:

Score: 0
Submitted by: Santosh bobade
Vulnerability class:
Recon
Description:
You can create a Telegram bot for recon and your own methodology for automation.

Score: 0
Submitted by: Santosh bobade
Vulnerability class:
Reflected Cross Site Scripting
Title:
An Accidental XSS on uu.nl
Description:
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.

Score: 0
Submitted by: Santosh bobade
Vulnerability class:
Reflected Cross Site Scripting
Description:
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
Link to writeup:
https://link.medium.com/BRQtX1baupb

Score: 0
Submitted by: securityteacher
Vulnerability class:
Host Header Injection
Link to writeup:
https://www.mubassirkamdar.com/2020/07/account-takeover-poc.html

Score: 0
Submitted by: Yurii Sanin
Vulnerability class:
Server Side Request Forgery
Description:
More than a year ago I discovered a misconfiguration that leads to SSRF in YouTrack, and here are detailed steps on how I did it.

Score: 0
Submitted by: Hacklad
Vulnerability class:
Information Disclosure
Description:
Today I am going to explain one of the coolest and easiest bugs which I accidentally found on Instagram a few months ago.

Score: 0
Submitted by: Hacklad
Vulnerability class:
Denial of Service (DoS)
Description:
In this article, we will discuss Denial-of-Service vulnerabilities, how to find one, and present 25 disclosed reports based on this issue.

Score: 0
Submitted by: Hacklad
Vulnerability class:
Server Side Request Forgery
Description:
This is my first write-up, and in this write-up I’m going to share with you my recent exciting finding, which led me to extract AWS metadata!

Score: 0
Submitted by: Hacklad
Vulnerability class:
Information Disclosure
Description:
First of all, just learn to recon and improve your methodology in recon; don’t just follow someone else’s recon tips. If you do so, there is no difference between you and them.

Score: 0
Submitted by: Hacklad
Vulnerability class:
Cross Site Scripting (XSS)
Description:
In brief, you may be able to escalate your attacks by using APIs, JavaScript workarounds, or a misconfiguration on a domain that isn’t under the program scope.

Score: 0
Submitted by: quas
Vulnerability class:
Client Side Request Forgery
Description:
I was hunting on a Bugcrowd private program. The program has 4 different kinds of roles, like Admin, H-User, L-User, and Guest.

Score: 0
Submitted by: quas
Vulnerability class:
Pastejacking
Title:
Pastejacking
Description:
Browsers now allow developers to automatically add content to a user's clipboard, following certain conditions. Namely, this can only be triggered on browser events. This post details how you can exploit this to trick a user into running commands they didn't want to run, and gain code execution.
Link to writeup:
https://github.com/dxa4481/Pastejacking

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
Drag Drop XSS in Google ;)
Description:
It started with a tweet from Dr. Mario here: https://twitter.com/0x6D6172696F/status/558346300790276096
Link to writeup:
https://blog.yappare.com/2016/04/drag-drop-xss-in-google.html

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Description:
A few weeks ago I found an issue which initially looked unexploitable. It was Self XSS again, this time in a search box where users can search for books/documents. The XSS gets triggered once we type/paste our payload in the search box via the application's AutoSuggestion feature, but once the search completes it gets blocked by a WAF at the backend, so the only way to trigger the XSS was the AutoSuggestion feature, which can only be done by the user himself, so we can't do anything fancy here like THIS.

Score: 0
Submitted by: quas
Vulnerability class:
Server Side Request Forgery
Description:
Recently I discovered a semi-responded SSRF on Vimeo with code execution possibility. This blog post explains how I found & exploited it. So let's get started.

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
The pitfalls of postMessage
Description:
The postMessage API is an alternative to JSONP, XHR with CORS headers and other methods enabling sending data between origins. It was introduced with HTML5 and like many other cross-document features it can be a source of client-side vulnerabilities.
Link to writeup:
https://labs.detectify.com/2016/12/08/the-pitfalls-of-postmessage/

Score: 0
Submitted by: quas
Vulnerability class:
Authorization Bypass
Description:
TL;DR: Setting up access control of AWS S3 consists of multiple levels, each with its own unique risk of misconfiguration. We will go through the specifics of each level and identify the dangerous cases where weak ACLs can create vulnerable configurations impacting the owner of the S3-bucket and/or through third party assets used by a lot of companies.

Score: 0
Submitted by: quas
Vulnerability class:
Authorization Bypass
Description:
If you’re unfamiliar with GraphQL, here’s a quick refresher: In its most basic use case, GraphQL allows you to call specific fields on objects – but that’s just the beginning.
Link to writeup:
https://labs.detectify.com/2018/03/14/graphql-abuse/

Score: 0
Submitted by: quas
Vulnerability class:
UI Redressing
Description:
Why X-FRAME-OPTIONS matters on API endpoints

Score: 0
Submitted by: quas
Vulnerability class:
Server Side Request Forgery
Description:
I found a form for uploading my videos in the user’s personal account. But in such a simple action for uploading video, I found two critical security issues.

Score: 0
Submitted by: quas
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Description:
After digging around in Facebook looking for possible bugs, I saw that Facebook recently added a feature that allows fans to submit requests to be categorized in their favorite pages as their “Top Fans”. Facebook has made this optional.

Score: 0
Submitted by: quas
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Description:
I said, what if I change my “fbid” number with another user’s “fbid” attached photo :)

Score: 0
Submitted by: quas
Vulnerability class:
Recon
Title:
Live Hacking like a MVH
Description:
A walkthrough on methodology and strategies to win big

Score: 0
Submitted by: quas
Vulnerability class:
Reflected Cross Site Scripting
Description:
How to achieve a full reflected XSS attack which includes the ability to run a complete script and not just an alert popup with the least amount of characters?

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Description:
There are cases where the injection point lands in the middle of more complex JS code: inside functions and conditionals (if or if+else), nested inside each other.
Link to writeup:
https://brutelogic.com.br/blog/advanced-javascript-injections/

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
XSS in Limited Input Formats
Description:
Testing for XSS vulnerabilities requires knowing the data format of the input. Usually the format is simply “string” without any restrictions, but sometimes the manipulation of the XSS entry point is limited.
Link to writeup:
https://brutelogic.com.br/blog/xss-limited-input-formats/

Score: 0
Submitted by: quas
Vulnerability class:
Server Side Template Injection (SSTI)
Description:
Modern applications use templates to save time and to display content in an orderly, structured way that makes developers' lives easier; however, some engines and implementations are vulnerable to injections, allowing direct interaction with the engine or even remote code execution.
Link to writeup:
https://slides.com/artssec/explotacion-y-prevencion-de-ssti#/

Score: 0
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Description:
I first got to this subdomain via the usual subdomain enumeration. It looked unpromising: a 404 page that said “this website is not in use,” a little picture, and nothing else. Running path discovery for the usual pages turned up nothing, not even a useful robots.txt. However, I took a closer look at the footer.
Link to writeup:
https://hackerone.com/reports/502758

Score: 0
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Description:
SSRF->Telnet->RCE chain in Scrapy, found by @alertot

Score: 0
Submitted by: quas
Vulnerability class:
Server Side Request Forgery
Description:
I was looking for a server-side issue. I saw there a box for adding a URL for a job advertisement; the first thing that came to my mind was to try for SSRF here.

Score: 0
Submitted by: quas
Vulnerability class:
Recon
Description:
How To Shot Web :- @jhaddix
Domain Discovery
The Bug Hunters Methodology v2.1 & v3
It's the Little Things II :- @Nahamsec
Recon Like A Boss
BUG BOUNTY FUNSHOP :- @prateek_0490
Journey to the top on :- @yappare