Bug Bounty
@Bug0x
5.5K subscribers
@HackerOne
Admin :
@Offensive
Bug Bounty
https://medium.com/@vbharad/account-takeover-through-password-reset-poisoning-72989a8bb8ea
Medium
Account Takeover Through Password Reset Poisoning
Introduction :
Bug Bounty
https://medium.com/bugbountywriteup/devoops-an-xml-external-entity-xxe-hackthebox-walkthrough-fb5ba03aaaa2
Medium
DevOops — An XML External Entity (XXE) HackTheBox Walkthrough
Summary
Bug Bounty
https://hailstorm1422.com/linkedin-blind-idor/
Bug Bounty
https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/
bugs.xdavidhu.me
The unexpected Google wide domain check bypass
David Schütz's bug bounty writeups
Bug Bounty
https://medium.com/@s3c/how-i-hacked-worldwide-zoom-users-eafdff94077d
Bug Bounty
https://medium.com/bugbountywriteup/bounty-tip-easiest-way-to-bypass-apis-rate-limit-f984fad40093
Medium
Bounty Tip !! Easiest way to bypass API’s Rate Limit.
What is Rate Limit ?
Bug Bounty
https://hackerone.com/reports/320355
HackerOne
Shopify disclosed on HackerOne: myshopify.com domain takeover
On February 27, 2018, Shopify support received notification that `myshopify.com` was being redirected to a specific Shopify store. We tracked the behaviour down to tests from @0xacb. Unknowingly,...
Bug Bounty
https://hackerone.com/reports/827052
HackerOne
GitLab disclosed on HackerOne: Arbitrary file read via the...
### Summary
The `UploadsRewriter` does not validate the file name, allowing arbitrary files to be copied via directory traversal when moving an issue to a new project.
The pattern used to look for...
Bug Bounty
https://hackerone.com/reports/506646
HackerOne
Starbucks disclosed on HackerOne: Webshell via File Upload on...
johnstone discovered an arbitrary file upload via the resume functionality at https://ecjobs.starbucks.com.cn which led to arbitrary code execution by uploading a webshell.
@johnstone — thank for...
Bug Bounty
https://hackerone.com/reports/429000
HackerOne
U.S. Dept Of Defense disclosed on HackerOne: Access to all...
**Summary:**
Due to an Insecure Direct Object Reference (IDOR) in adding recipients to a shared package on ██████████, an unauthenticated attacker can access all files uploaded to ████. As...
Bug Bounty
https://hackerone.com/reports/237381
Bug Bounty
Forwarded from HackerOne (Amir Kiani)
Core Impact 19.1 with unlimited license with April updates. Bonus 3rd party Core tools. 5000$
@neoleadS
Bug Bounty
https://medium.com/@imayankraheja/tampering-encrypted-parameter-to-account-takeover-a5fec7dde360
Medium
Tampering Encrypted Parameter to Account Takeover
Hola Infosec! Thanks for showing so much love to my previous story. Just like my last writeup, today also I am going to share an…
Bug Bounty
#BugBounty
#Tips
Bug Bounty
https://jlajara.gitlab.io/posts/2020/02/19/Bypass_WAF_Unicode.html
Waf Bypass