Score: 3
Submitted by: quas
Vulnerability class:
Information Disclosure
Title:
Think Outside the Scope: Advanced CORS Exploitation Techniques
Description:
Two different cases of how I was able to exploit a CORS misconfiguration: the first case is based on an XSS and requires thinking outside of the scope, and the second is based on an advanced CORS exploitation technique.
Link to writeup:
https://medium.com/@sandh0t/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397

Score: 1
Submitted by: quas
Vulnerability class:
XXE
Title:
From blind XXE to root-level file read access
Description:
On a recent bug bounty adventure, I came across an XML endpoint that responded interestingly to attempted XXE exploitation.
Link to writeup:
https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access/

Score: 1
Submitted by: quas
Vulnerability class:
Information Disclosure
Title:
You do not need to run 80 reconnaissance tools to get access to user accounts
Description:
An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked.
Link to writeup:
https://gist.github.com/stefanocoding/8cdc8acf5253725992432dedb1c9c781

Score: 1
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
JUMPING TO THE HELL WITH 10 ATTEMPTS TO BYPASS DEVIL’S WAF
Description:
This is a quick write-up of a WAF bypass on a private BBP, so I will keep the name of the program hidden.
Link to writeup:
https://medium.com/bugbountywriteup/jumping-to-the-hell-with-10-attempts-to-bypass-devils-waf-4275bfe679dd

Score: 1
Submitted by: quas
Vulnerability class:
XXE
Title:
Exploiting XXE with local DTD files
Description:
This little technique can force your blind XXE to output anything you want!
Link to writeup:
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/

Score: 0
Submitted by: quas
Vulnerability class:
Server Side Request Forgery
Title:
SSRF vulnerability via FFmpeg HLS processing
Description:
I found a form for uploading my videos in the user's personal account. But in such a simple action as uploading a video, I found two critical security issues.
Link to writeup:
https://medium.com/@valeriyshevchenko/ssrf-vulnerability-via-ffmpeg-hls-processing-f3823c16f3c7

Score: 0
Submitted by: quas
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Title:
IDOR FACEBOOK: malicious person add people to the “Top Fans”
Description:
After digging around in Facebook looking for possible bugs, I saw that Facebook recently added a feature that allows fans to submit requests to be categorized on their favorite pages as their "Top Fans". Facebook has made this optional.
Link to writeup:
https://medium.com/@UpdateLap/idor-facebook-malicious-person-add-people-to-the-top-fans-4f1887aad85a

Score: 0
Submitted by: quas
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Title:
How I was able to delete any image in Facebook community question forum
Description:
I said: what if I change my "fbid" number to another user's "fbid" of an attached photo :)
Link to writeup:
https://medium.com/@JubaBaghdad/how-i-was-able-to-delete-any-image-in-facebook-community-question-forum-a03ea516e327

Score: 0
Submitted by: quas
Vulnerability class:
Recon
Title:
Live Hacking like a MVH
Description:
A walkthrough on methodology and strategies to win big
Link to writeup:
https://speakerdeck.com/fransrosen/live-hacking-like-a-mvh-a-walkthrough-on-methodology-and-strategies-to-win-big

Score: 0
Submitted by: quas
Vulnerability class:
Reflected Cross Site Scripting
Title:
The Shortest Reflected XSS Attack Possible
Description:
How to achieve a full reflected XSS attack which includes the ability to run a complete script and not just an alert popup with the least amount of characters?
Link to writeup:
https://brutelogic.com.br/blog/shortest-reflected-xss-possible/?utm_source=ReviveOldPost&utm_medium=social&utm_campaign=ReviveOldPost

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
Advanced JavaScript Injections
Description:
There are cases where the injection point lands in the middle of a more complex JS code: inside functions and conditionals (if or if+else), nested inside each other.
Link to writeup:
https://brutelogic.com.br/blog/advanced-javascript-injections/

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
XSS in Limited Input Formats
Description:
Testing for XSS vulnerabilities requires knowing the data format of the input. Usually the format is simply "string" without any restrictions, but sometimes the manipulation of the XSS entry point is limited.
Link to writeup:
https://brutelogic.com.br/blog/xss-limited-input-formats/

Score: 0
Submitted by: quas
Vulnerability class:
Server Side Template Injection (SSTI)
Title:
Explotación y Prevención de SSTI (Exploitation and Prevention of SSTI)
Description:
Modern applications use templates to save time and to display content in an orderly, structured way that makes developers' lives easier; however, some engines and implementations are vulnerable to injection, allowing direct interaction with the engine or even remote code execution.
Link to writeup:
https://slides.com/artssec/explotacion-y-prevencion-de-ssti#/

Score: 0
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Title:
RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/
Description:
I first got to this subdomain via the usual subdomain enumeration. It looked unpromising: a 404 page that said “this website is not in use,” a little picture, and nothing else. Running path discovery for the usual pages turned up nothing, not even a useful robots.txt. However, I took a closer look at the footer.
Link to writeup:
https://hackerone.com/reports/502758

Score: 0
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Title:
A Questionable Journey From XSS to RCE
Description:
As many of you reading this probably already know, in mid-April, a good friend of mine (@Daley) and I located a Remote Code Execution vulnerability in EA's Origin client (CVE-2019-11354). Today I'm going to go in depth on how we discovered this vulnerability, along with a couple of others we needed to chain along the way ;pp
Link to writeup:
https://zeropwn.github.io/2019-05-13-xss-to-rce/

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
XSS without parentheses and semi-colons
Description:
A few years ago I discovered a technique to call functions in JavaScript without parentheses using onerror and the throw statement. It works by setting the onerror handler to the function you want to call, and the throw statement is used to pass the argument to the function.
Link to writeup:
https://portswigger.net/blog/xss-without-parentheses-and-semi-colons

Score: 0
Submitted by: quas
Vulnerability class:
Recon
Title:
Awesome Asset Discovery
Description:
Through this repository, we want to put out a list of curated resources which help during asset discovery phase of a security assessment engagement.
Link to writeup:
https://github.com/redhuntlabs/Awesome-Asset-Discovery

Score: 0
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Title:
“Web scraping considered dangerous”: Exploiting the telnet service in scrapy < 1.5.2
Description:
SSRF->Telnet->RCE chain in Scrapy, found by @alertot
Link to writeup:
https://medium.com/alertot/web-scraping-considered-dangerous-exploiting-the-telnet-service-in-scrapy-1-5-2-ad5260fea0db

Score: 0
Submitted by: quas
Vulnerability class:
Blind Server Side Request Forgery (Blind SSRF)
Title:
BLIND SSRF in *.stripe.com due to Sentry Misconfiguration
Description:
Before we do pentesting, we should know whether our target uses any third-party service.
Link to writeup:
https://medium.com/@0ktavandi/blind-ssrf-in-stripe-com-due-to-sentry-misconfiguration-60ebb6a40b5

Score: 0
Submitted by: quas
Vulnerability class:
Server Side Request Forgery
Title:
Server Side Request Forgery (SSRF) {port issue hidden approach}
Description:
I was looking for server-side issues. I saw a box there for adding a URL for a job advert; the first thing that came to my mind was to try for SSRF here.
Link to writeup:
https://medium.com/@w_hat_boy/server-side-request-forgery-ssrf-port-issue-hidden-approch-f4e67bd8cc86

Score: 0
Submitted by: quas
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Title:
Facebook IDOR bug in GraphQL
Description:
The vulnerability type is IDOR: it allows any potential attacker to change the account settings of another user.
Link to writeup:
https://www.youtube.com/watch?v=lY_5FHhRVko&feature=youtu.be

Score: 0
Submitted by: quas
Vulnerability class:
Recon
Title:
Github OSINT
Description:
When performing your initial recon on an organization, don't forget about GitHub. GitHub is used by developers to maintain and share their code; most of the time they end up sharing much more, though.
Link to writeup:
https://medium.com/@ghostlulzhacks/github-osint-1e8a96f9fdb8

Score: 0
Submitted by: quas
Vulnerability class:
Denial of Service (DoS)
Title:
Denial of Service using Cookie Bombing
Description:
While observing the headers and response of the first request, which was a simple GET request to the homepage WWW.EXAMPLE.COM, it came to my mind: why not check for hidden GET parameters?
Link to writeup:
https://medium.com/@ronak_9889/denial-of-service-using-cookie-bombing-55c2d0ef808c

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
Twitter lite(Android): Vulnerable to local file steal, Javascript injection, Open redirect
Description:
com.twitter.android.lite.TwitterLiteActivity is exported and doesn't validate the data passed to its intent, due to which this activity is vulnerable to stealing users' local files, JavaScript injection and open redirect.
Link to writeup:
https://hackerone.com/reports/499348

Score: 0
Submitted by: quas
Vulnerability class:
Stored Cross Site Scripting
Title:
Tale of a Wormable Twitter XSS
Description:
In mid-2018, I found a stored XSS on Twitter in the least likely place you could think of. Yes, right in the tweet! But what makes this XSS so special is that it had the potential to be turned into a fully-fledged XSS worm.
Link to writeup:
https://www.virtuesecurity.com/tale-of-a-wormable-twitter-xss/

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
XSS and cache poisoning via upload.twitter.com on ton.twitter.com
Description:
Attackers can bypass the upload restriction on upload.twitter.com to cause XSS on ton.twitter.com and cache poisoning.
Link to writeup:
https://hackerone.com/reports/84601

Score: 0
Submitted by: quas
Vulnerability class:
XXE
Title:
A $7.500 BUG Bounty Bug explained, step by step. (BLIND XXE OOB over DNS)
Description:
In this vlog I'll walk you through a BLIND XXE OOB over DNS bug on a super hardened target and teach you how to exploit it.
Link to writeup:
https://www.youtube.com/watch?v=f3SXDBMGGb8

Score: 0
Submitted by: quas
Vulnerability class:
Recon
Title:
5 super important main-app testing tips for bug bounty hunters with STOK&Haddix
Description:
Five things to test on the main app. And if you don't test for these, well then you're missing out!
Link to writeup:
https://www.youtube.com/watch?v=aNQg9mg4WNI

Score: 0
Submitted by: quas
Vulnerability class:
Remote File Inclusion
Title:
Exploiting Remote File Inclusion (RFI) in PHP application and bypassing remote URL inclusion restriction
Description:
Exploiting a Remote File Inclusion (RFI) vulnerability in PHP applications that are vulnerable to a "File Inclusion attack". We will bypass the remote URL inclusion restriction and exploit RFI even if the PHP environment is configured not to include files from remote HTTP/FTP URLs.
Link to writeup:
http://www.mannulinux.org/2019/05/exploiting-rfi-in-php-bypass-remote-url-inclusion-restriction.html

Score: -1
Submitted by: quas
Vulnerability class:
Recon
Title:
All in one Recon Methodology PDF by @1ndianl33t
Description:
Sources compiled: How To Shot Web :- @jhaddix; Domain Discovery, The Bug Hunters Methodology v2.1 & v3, It's the Little Things II :- @Nahamsec; Recon Like A Boss, BUG BOUNTY FUNSHOP :- @prateek_0490; Journey to the top :- @yappare
Link to writeup:
https://drive.google.com/file/d/1uBTra6_jwhLnZALJVp9hmHaty2pBBUH2/view