In the name of Allah, the Most Gracious, the Most Merciful. Please kindly visit this simple paper directly to see this release in a simple form: [English Version] IDOR...
- Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data
- From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration
- From 3,99 to 1,650 USD (Part I) – Simple Vertical Privilege Escalation by Changing HTTP Response
- From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World
- If Allah wills it, I will be back soon!
- 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
- CVE-2019-18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)
New Write-up on InfoSec Write-ups publication : "The YouTube bug that allowed unlisted uploads to any channel" #bugbounty #bugbountywriteup #bugbountytips https://ift.tt/33yk1VU
Snapchat disclosed a bug submitted by @nahamsec: https://hackerone.com/reports/530974 - Bounty: $4,000 #hackerone #bugbounty
Open redirect parameters from every disclosed @Hacker0x01 report ever, composed in one wordlist
The full list (48 unique): https://github.com/ptswarm/ptswarm-twitter/blob/main/2020-11-30-open-redirect-params.txt
Top 5 sorted by popularity 👇
This is my new favourite box! It requires a ton of enumeration and there are so many opportunities to go down rabbit holes. It reminds me of the OSCP exam where it took me forever to solve the boxes but when I wrote up the report, I realized how simple the attack vectors were 😐