Hi guys, there is a problem with my site (I have no idea why it suddenly can't connect to the database, even though I didn't do anything). But, if Allah wills it, I will try my best to recover it. So, stay tuned!