Data Exfiltration using XXE via HTTP LOCK Method

Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg

Hello bug bounty family, In this article I will sharing about two of my bugs on Facebook. $4500 each, a total of $9000.

##Summary

While testing badoo i have noticed that users can use SMAL (Google,MSN,VKontakte,Odnoklassniki,Yandex
Mail.Ru) to create and login to badoo accounts. Now there are two ways of...

Even though HTTP Request Smuggling is documented back on 2005, it is still one of the least known Webapp vulnerability out there.

بسم الله الرحمن الرحيم

Hi, everyone

SQL injection was possible on `admin.acronis.host` web service that was used for development purposes only. Acronis security team confirmed that the service did not contain any sensitive data or...

**Summary:**
Unsafe usage of the `toastr` library leads to Stored XSS when combined with a validation bypass in the `createRoom` function. Targeting an admin account leads to Remote Code...

Preface
(日本語版も公開されています。)
Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments.
This article describes vulnerabilities reported through this program and published…

A curated list of amazingly awesome Burp Extensions - snoopysecurity/awesome-burp-extensions

How I Found Sql Injection on 8x8 , Cengage ,Comodo ,Automattic ,intel ,IBM ,MTN Group ,uis.cam.ac.uk ,volvocars.biz ,asus.com

# Vulnerability Denoscription
libcurl version 7.77.0 has a [Use-After-Free](https://github.com/curl/curl/blob/curl-7_77_0/lib/mqtt.c#L559) and a...

Hi fellow hunters, this is my first writeup for the community in which i will explain how i found a reflected cross site noscripting bug and…

In this video, we dive into Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444).
[English subnoscripts added]
#cve202140444 #debugging #reversing #exploit #analyze #0day #CVE 202140444
Related Links:
https://github.com/aydianosec/CVE2021-40444…

_Tested on Windows 10 x64_

* On Steam starting, it will check all installed files' Integrity, and re-download the modified file(s). This step makes every single file in Steam installation folder...

The 'how' and 'why' of CORS, from start to finish.