Bug Bounty
@Bug0x
@HackerOne
Admin :
@Offensive
Bug Bounty
https://hackerone.com/reports/549040
HackerOne
GitLab disclosed on HackerOne: Clientside resource Exhausting by...
### Summary
Based on the documentation, GitLab markdown supports math expression rendering using `KaTeX` and is able to run a subset of syntax from `LaTeX`; this could be achieved by using 2 ways in the...
Bug Bounty
https://medium.com/bugbountywriteup/reflected-dom-xss-and-clickjacking-on-https-silvergoldbull-de-bt-html-daa36bdf7bf0
Medium
Reflected DOM XSS and CLICKJACKING on https://silvergoldbull.de/bt.html
While doing spidering on silvergoldbull site I noticed a strange request to https://silvergoldbull.de/bt.html with following request:
Bug Bounty
https://medium.com/@shahjerry33/mail-server-misconfiguration-f42734d19678
Medium
Mail Server Misconfiguration
Summary :
Bug Bounty
https://medium.com/@vbharad/account-takeover-through-password-reset-poisoning-72989a8bb8ea
Medium
Account Takeover Through Password Reset Poisoning
Introduction :
Bug Bounty
https://medium.com/bugbountywriteup/devoops-an-xml-external-entity-xxe-hackthebox-walkthrough-fb5ba03aaaa2
Medium
DevOops — An XML External Entity (XXE) HackTheBox Walkthrough
Summary
Bug Bounty
https://hailstorm1422.com/linkedin-blind-idor/
Bug Bounty
https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/
bugs.xdavidhu.me
The unexpected Google wide domain check bypass
David Schütz's bug bounty writeups
Bug Bounty
https://medium.com/@s3c/how-i-hacked-worldwide-zoom-users-eafdff94077d
Bug Bounty
https://medium.com/bugbountywriteup/bounty-tip-easiest-way-to-bypass-apis-rate-limit-f984fad40093
Medium
Bounty Tip !! Easiest way to bypass API’s Rate Limit.
What is Rate Limit ?
Bug Bounty
https://hackerone.com/reports/320355
HackerOne
Shopify disclosed on HackerOne: myshopify.com domain takeover
On February 27, 2018, Shopify support received notification that `myshopify.com` was being redirected to a specific Shopify store. We tracked the behaviour down to tests from @0xacb. Unknowingly,...
Bug Bounty
https://hackerone.com/reports/827052
HackerOne
GitLab disclosed on HackerOne: Arbitrary file read via the...
### Summary
The `UploadsRewriter` does not validate the file name, allowing arbitrary files to be copied via directory traversal when moving an issue to a new project.
The pattern used to look for...
Bug Bounty
https://hackerone.com/reports/506646
HackerOne
Starbucks disclosed on HackerOne: Webshell via File Upload on...
johnstone discovered an arbitrary file upload via the resume functionality at https://ecjobs.starbucks.com.cn which led to arbitrary code execution by uploading a webshell.
@johnstone — thank for...
Bug Bounty
https://hackerone.com/reports/429000
HackerOne
U.S. Dept Of Defense disclosed on HackerOne: Access to all...
**Summary:**
Due to an Insecure Direct Object Reference (IDOR) in adding recipients to a shared package on ██████████, an unauthenticated attacker can access all files uploaded to ████. As...
Bug Bounty
https://hackerone.com/reports/237381