CVE-2019–18653 & CVE-2019–18654: The story when Reflected XSS was triggering from SSID Name (It also affected AVG AntiVirus since basically the code of the those products...
- From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World
- If Allah willed it, will be back soon!
- 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
- CVE-2019–18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)
- Race Condition that could Result to RCE – (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3)
- USB HID – Rubber Duck Payload – Auto Turn Off UAC, Firewall, & Defender at Windows 10 & Connect to Reverse Shell in 10 sec
- Adobe Photoshop CC 2019 v. 20.0.0 (for OS X) Expired Subscription Bypass – Bypass Trial Expired
New Write-up on InfoSec Write-ups publication : "XSS WAF & Character limitation bypass like a boss" https://ift.tt/33RlNQS
My company did some cool research using machine learning to predict vulnerabilities by looking at the words in a URL. More information on the blog:
#bugbountytip #BugBounty #bugbountytips #xss #ai #MachineLearning #infosec #appsec #redteam #pentest
[15/30] #bashtricks - sync dirs with rsync
Did you know that you can sync dirs between your local machine and your VPS with rsync?
a lot of hunters use a VPS as bb machine, so this can be useful to get all files from any VPS dir to your local or vice versa
@hakluke @Bugcrowd This https://hackerone.com/reports/195045 haha