NEW BOT Телеграм, страница

Forwarded from Bug Bounty (Amir Kiani)

U.S. Dept Of Defense disclosed on HackerOne: Access to all...

**Summary:**

Due to an Insecure Direct Object Reference (IDOR) in adding recipients to a shared package on ██████████, an unauthenticated attacker can access all files uploaded to ████. As...

449 viewsAmir Kiani, 07:41

HackerOne

Forwarded from Bug Bounty (Amir Kiani)

https://hackerone.com/reports/237381

456 viewsAmir Kiani, 07:41

HackerOne

https://hackerone.com/reports/759247

HackerOne

Reverb.com disclosed on HackerOne: Race Condition allows to redeem...

Hello team!

I've found a Race Condition vulnerability which allows to redeem gift cards multiple times. This how a s/he can easily buy stuff just bying one gift card and redeem it over and over...

2.87K viewsAmir Kiani, 07:49

HackerOne

Core Impact 19.1 with unlimited license with April updates. Bonus 3rd party Core tools. 5000$
@neoleadS

5.56K viewsAmir Kiani, edited 17:24

HackerOne

6.25K viewsAmir Kiani, 17:25

HackerOne

https://ctftime.org/event/1058

ctftime.org

UUTCTF 2020

UUTCTF is a student CTF organized by Urmia University of Technology. It is the CTF contest of P0SCon Cyber-Security C...

3.31K viewsMir Saman Tajbakhsh, 09:55

HackerOne

https://medium.com/@social_62682/from-fuzzing-to-remote-code-execution-in-samsung-android-56cbdebcfeca

4.03K viewsMmD, 06:04

HackerOne

https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/RT-011%20-%20Phishing%20Campaign

GitLab

RT-011 - Phishing Campaign · master · GitLab.com / GitLab Security Division / Security Operations Department / Red Team / Red Team…

As we come across interesting things that we want to share with the community we will document them here as a tech note.

3.47K viewsAmir Kiani, 13:57

HackerOne

github.com/redballoonshenanigans/monitordarkly

GitHub

GitHub - RedBalloonShenanigans/MonitorDarkly: Poc, Presentation of Monitor OSD Exploitation, and shenanigans of high quality.

Poc, Presentation of Monitor OSD Exploitation, and shenanigans of high quality. - RedBalloonShenanigans/MonitorDarkly

3.45K viewsAmir Kiani, 21:15

HackerOne

https://cube01.io/blog/Moodle-DOM-Stored-XSS-to-RCE.html

3.45K viewsAmir Kiani, 16:04

HackerOne

https://www.blackhat.com/docs/eu-16/materials/eu-16-Jurczyk-Effective-File-Format-Fuzzing-Thoughts-Techniques-And-Results.pdf

2.65K viewsAmir Kiani, 13:54

HackerOne

https://uae-i.blogspot.com/2020/06/xssopen-redirect-in-paypal.html

Blogspot

XSS+Open Redirect in PAYPAL

Hi everyone, I will tell bug I found. This bug is out of scope. I think that this bug may give you idea. Then, I decided to tell.

3.03K viewsAmir Kiani, 13:57

HackerOne

#Tips

2.64K viewsAmir Kiani, edited 14:00

HackerOne

https://medium.com/@sansatart/malware-traffic-analysis-25f4674ddc03

Medium

Malware Traffic Analysis

I’ve been meaning to get around to doing one of these in a public blog for a bit, so I figured I would pick one of the more involved…

2.87K viewsAmir Kiani, 14:01

HackerOne

Forwarded from Valeriy Shevchenko

https://medium.com/@valeriyshevchenko/from-crlf-to-account-takeover-a94d7aa0d74e?sk=54abf996cacadfe53113700a03181bb8

Medium

From CRLF to Account Takeover

At the beginning of March,while researching one site I discovered the new functionality. The functionality allowed the user to login via…

3.88K viewsAmir Kiani, 15:13

HackerOne

Forwarded from Bug Bounty (Amir Kiani)

https://medium.com/@imayankraheja/tampering-encrypted-parameter-to-account-takeover-a5fec7dde360

Medium

Tampering Encrypted Parameter to Account Takeover

Hola Infosec! Thanks for showing so much love to my previous story. Just like my last writup, today also I am going to share an…

661 viewsAmir Kiani, 22:16

HackerOne

callstranger.com

3.54K viewsAmir Kiani, 08:21

About

Blog

Apps

Platform