NEW BOT Телеграм, страница

https://blog.cobalt.io/bypassing-the-protections-mfa-bypass-techniques-for-the-win-8ef6215de6ab

4.12K viewsAmir Kiani, 21:54

https://mokhansec.medium.com/full-account-takeover-worth-1000-think-out-of-the-box-808f0bdd8ac7

Full account takeover worth $1000 Think out of the box

Hi everyone how are you doing today? I hope you are doing great and scoring lots of bounties. Today's story is about a bug I found on…

4.28K viewsAmir Kiani, 11:59

Bug Bounty

https://dhiyaneshgeek.github.io/web/security/2021/02/19/exploiting-out-of-band-xxe/

Geek Freak

Exploiting Out-Of-Band XXE on Wildfire

Data Exfiltration using XXE via HTTP LOCK Method

4.3K viewsAmir Kiani, 08:28

Bug Bounty

Forwarded from HackerOne (Amir Kiani)

https://news.1rj.ru/str/bugpoint
Good Channel for Public Bug Bounty Write-Up

Bugpoint

Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg

4.27K viewsAmir Kiani, 07:40

Bug Bounty

Facebook Group Members Disclosure

https://spongebhav.medium.com/facebook-group-members-disclosure-e53eb83df39e

Medium

Facebook Group Members Disclosure.

Hello bug bounty family, In this article I will sharing about two of my bugs on Facebook. $4500 each, a total of $9000.

4.22K viewsAdeL, 18:42

Bug Bounty

https://hackerone.com/reports/1074047

HackerOne

Bumble disclosed on HackerOne: Misconfigured oauth leads to Pre...

##Summary

While testing badoo i have noticed that users can use SMAL (Google,MSN,VKontakte,Odnoklassniki,Yandex
Mail.Ru) to create and login to badoo accounts. Now there are two ways of...

4.14K viewsAmir Kiani, 15:38

Bug Bounty

https://www.azizhakim.com/2021/03/txt-file-upload-allowance-can-be-act-as.html

4.26K viewsAmir Kiani, 18:21

Bug Bounty

4.8K viewsAmir Kiani, 04:25

Bug Bounty

https://infosecwriteups.com/exploiting-http-request-smuggling-te-cl-xss-to-website-takeover-c0fc634a661b

Medium

Exploiting HTTP Request Smuggling (TE.CL)— XSS to website takeover

Even though HTTP Request Smuggling is documented back on 2005, it is still one of the least known Webapp vulnerability out there.

5.34K viewsAmir Kiani, 06:32

Bug Bounty

IDOR — Sensitive Data Exposure (IOS Application)

https://helmay.medium.com/bug-bounty-idor-sensitive-data-exposure-ios-application-ba80c93887a9

Medium

[BUG BOUNTY] IDOR — Sensitive Data Exposure (IOS Application)

بسم الله الرحمن الرحيم

6.5K viewsAdeL, 22:18

Bug Bounty

7.16K viewsAmir Kiani, 18:28

Bug Bounty

https://notifybugme.medium.com/how-github-recon-help-me-to-find-nine-full-ssrf-vulnerability-with-aws-metadata-access-531d931413a5

Medium

How Github recon help me to find NINE FULL SSRF Vulnerability with AWS metadata access

Hi, everyone

5.62K viewsAmir Kiani, 02:28

Bug Bounty

SQL injection on admin.acronis.host development web service

https://hackerone.com/reports/923020

HackerOne

Acronis disclosed on HackerOne: SQL injection on admin.acronis.host...

SQL injection was possible on `admin.acronis.host` web service that was used for development purposes only. Acronis security team confirmed that the service did not contain any sensitive data or...

5.54K viewsAdeL, 06:43

Bug Bounty

Post-Auth Stored XSS with User Interaction leads to Remote Code Execution

https://hackerone.com/reports/1132202

HackerOne

Rocket.Chat disclosed on HackerOne: Post-Auth Stored XSS with User...

**Summary:**
Unsafe usage of the `toastr` library leads to Stored XSS when combined with a validation bypass in the `createRoom` function. Targeting an admin account leads to Remote Code...

6.13K viewsAdeL, 10:58

Bug Bounty

medium.com/geekculture/bug-bounty-methodology-v4-0-demonstrate

5.48K viewsAmir Kiani, 06:46

Bug Bounty

Remote code execution in cdnjs of Cloudflare
https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/

blog.ryotak.net

Remote code execution in cdnjs of Cloudflare

Preface
(日本語版も公開されています。)
Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments.
This article describes vulnerabilities reported through this program and published…

5.57K viewsAdeL, 13:51

Bug Bounty

https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md

GitHub

awesome-burp-extensions/README.md at master · snoopysecurity/awesome-burp-extensions

A curated list of amazingly awesome Burp Extensions - snoopysecurity/awesome-burp-extensions

5.55K viewsAmir Kiani, 23:06

Bug Bounty

https://ahmadaabdulla.medium.com/how-i-found-sql-injection-on-8x8-cengage-comodo-automattic-20-company-c296d1a09f63

Medium

How I Found Sql Injection on 8x8 , Cengage,Comodo,Automattic,20 company

How I Found Sql Injection on 8x8 , Cengage ,Comodo ,Automattic ,intel ,IBM ,MTN Group ,uis.cam.ac.uk ,volvocars.biz ,asus.com

5.6K viewsAmir Kiani, 03:27

Bug Bounty

CVE-2021-22945:
UAF and double-free in MQTT sending

https://hackerone.com/reports/1269242

HackerOne

curl disclosed on HackerOne: CVE-2021-22945: UAF and double-free in...

# Vulnerability Denoscription
libcurl version 7.77.0 has a [Use-After-Free](https://github.com/curl/curl/blob/curl-7_77_0/lib/mqtt.c#L559) and a...

5.32K viewsAdel, 19:39

Bug Bounty

https://pwnsauc3.medium.com/weaponizing-reflected-xss-to-account-takeover-ae8aeea7aca3

Medium

Weaponizing Reflected XSS to Account Takeover

Hi fellow hunters, this is my first writeup for the community in which i will explain how i found a reflected cross site noscripting bug and…

6.58K viewsAdel, 20:17

Bug Bounty

https://youtu.be/pbRk8sCvcsg

YouTube

Analyze, Reverse and Exploit CVE-2021-40444

In this video, we dive into Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444).
[English subnoscripts added]
#cve202140444 #debugging #reversing #exploit #analyze #0day #CVE 202140444
Related Links:
https://github.com/aydianosec/CVE2021-40444…

7.63K viewsAmir Kiani, 17:00

About

Blog

Apps

Platform