NEW BOT Телеграм, страница - 284812811

Electro0ne Bytes 🦅

@electro0ne_bytes

364 subscribers

5 photos

60 links

I publish articles related to hacking and security for you, so let's learn together.💪

Contact: @Electro0ne Blogs: electro0nes.github.io

Download Telegram

About

Blog

Apps

Platform

Electro0ne Bytes 🦅

364 subscribers

Electro0ne Bytes 🦅

Common OAuth Vulnerabilities · Doyensec's Blog

https://blog.doyensec.com/2025/01/30/oauth-common-vulnerabilities.html

🔥3

214 viewsᴍͥᴏᴇͣɪͫɴ, 08:08

Electro0ne Bytes 🦅

https://brutecat.com/articles/leaking-youtube-emails

Leaking the email of any YouTube user for $10,000

What could've been the largest data breach in the world - an attack chain on Google services to leak the email address of any YouTube channel

❤3

199 viewsᴍͥᴏᴇͣɪͫɴ, 22:37

Electro0ne Bytes 🦅

https://blog.voorivex.team/css-data-exfiltration-to-steal-oauth-token

Voorivex's Team

CSS Data Exfiltration to Steal OAuth Token

Use CSS injection to bypass CSP, exfiltrate OAuth tokens through unique chaining techniques. Discover vulnerability and exploit details

❤3

182 viewsᴍͥᴏᴇͣɪͫɴ, 17:38

Electro0ne Bytes 🦅

https://medium.com/immunefi/how-to-stay-motivated-when-hunting-for-bugs-4966ac0d658

How to Stay Motivated When Hunting for Bugs

I’ve been hacking since 2014 and more recently focusing on bounty hunting in the blockchain space. For example, I found a critical bug in…

🔥1

183 viewsᴍͥᴏᴇͣɪͫɴ, 03:33

Electro0ne Bytes 🦅

https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/

CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js - Codean Labs

A vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (

❤2

205 viewsᴍͥᴏᴇͣɪͫɴ, 02:08

Electro0ne Bytes 🦅

Forwarded from Brut Security

🔖

Extracting endpoints from JavaScript bookmarklets

⬇️Usage
🔴Add a new bookmark in your browser’s toolbar
🔴Replace the bookmark’s URL with the following JavaScript code:

javanoscript:(function(){var noscripts=document.getElementsByTagName("noscript"),regex=/(?<=(\"|\'|\`))\/[a-zA-Z0–9_?&=\/\-\#\.]*(?=(\"|\'|\`))/g;const results=new Set;for(var i=0;i<noscripts.length;i++){var t=noscripts[i].src;""!=t&&fetch(t).then(function(t){return t.text()}).then(function(t){var e=t.matchAll(regex);for(let r of e)results.add(r[0])}).catch(function(t){console.log("An error occurred: ",t)})}var pageContent=document.documentElement.outerHTML,matches=pageContent.matchAll(regex);for(const match of matches)results.add(match[0]);function writeResults(){results.forEach(function(t){document.write(t+"<br>")})}setTimeout(writeResults,3e3);})();

🔴Visit the target page and click the bookmarklet. The noscript will run in your browser, revealing previously undiscovered endpoints right on the page.

Please open Telegram to view this post

VIEW IN TELEGRAM

❤3👍2

211 viewsᴍͥᴏᴇͣɪͫɴ, 21:05

Electro0ne Bytes 🦅

https://bxmbn.medium.com/bank-offer-idor-fix-bypassed-how-i-accessed-unauthorized-offers-and-secured-a-10-000-bounty-41052b31a2fc

Bank offer IDOR Fix Bypassed: How I Accessed Unauthorized Offers and Secured a $10,000 Bounty — @bxmbn

Bank offer IDOR Fix Bypassed: How I Accessed Unauthorized Offers and Secured a $10,000 Bounty — @bxmbn Summary: I discovered a new weakness in the offer retrieval functionality that allows an …

👍2❤1

225 viewsᴍͥᴏᴇͣɪͫɴ, 18:03

Electro0ne Bytes 🦅

https://bxmbn.medium.com/hijacking-sessions-with-idor-and-xss-bxmbn-396f99761a85

Hijacking Sessions with IDOR and XSS— @bxmbn

Picture a platform designed to handle sensitive documentation — think insurance claims or identity verification — turning into a goldmine…

❤1

272 viewsᴍͥᴏᴇͣɪͫɴ, 20:07

Electro0ne Bytes 🦅

https://rikeshbaniya.medium.com/account-takeover-using-sso-logins-fa35f28a358b

Account Takeover using SSO Logins

Companies often provide various login methods for users to authenticate their accounts.

217 viewsᴍͥᴏᴇͣɪͫɴ, 00:52

Electro0ne Bytes 🦅

https://medium.com/@renwa/client-side-path-traversal-cspt-bug-bounty-reports-and-techniques-8ee6cd2e7ca1

Client Side Path Traversal (CSPT) Bug Bounty Reports and Techniques

Over the past year, CSPT bugs have gained significant attention, with numerous blogs and disclosed reports highlighting their impact…

263 viewsᴍͥᴏᴇͣɪͫɴ, 00:02

Electro0ne Bytes 🦅

https://blog.doyensec.com/2024/07/02/cspt2csrf.html

Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF

To provide users with a safer browsing experience, the IETF proposal named “Incrementally Better Cookies” set in motion a few important changes to address Cross-Site Request Forgery (CSRF) and other client-side issues. Soon after, Chrome and other major browsers…

290 viewsᴍͥᴏᴇͣɪͫɴ, 00:02

Electro0ne Bytes 🦅

https://blog.koalasec.co/2500-dollars-in-bounties-hacking-graphql

KoalaSEC's blog

2500 Dollars in bounties, Hacking GraphQL

Hi, amazing hackers! I hope you're doing well.In this article, I’ll share my learning process and experiences in finding multiple vulnerabilities in GraphQL APIs application.
In February, I started learning GraphQL API security using the book Black H...

292 viewsᴍͥᴏᴇͣɪͫɴ, 21:11

Electro0ne Bytes 🦅

👍3

264 viewsᴍͥᴏᴇͣɪͫɴ, 21:30

Electro0ne Bytes 🦅

https://kpwn.de/2023/05/javanoscript-analysis-for-pentesters/#dynamic-analysis

JavaScript Analysis for Pentesters

Pentesting web applications thoroughly requires you to analyze their JavaScript. I’ve summarized my knowledge from 5 years of pentests into this blog post.

293 viewsᴍͥᴏᴇͣɪͫɴ, 21:27

Electro0ne Bytes 🦅

https://x.com/moeinerfanian/status/1912599404558839825

X (formerly Twitter)

MOEIN (@moeinerfanian) on X

🚨 Just dropped Eye Of Ra on GitHub!
Track bug bounty programs across HackerOne, Bugcrowd(WIP), Intigriti(WIP) & YesWeHack(WIP) with live updates + Discord alerts 📡💥

Open source & ready to hunt
🔗 https://t.co/gtGFdZBzOt

#bugbounty #infosec #hackerone #bugcrowd…

304 viewsᴍͥᴏᴇͣɪͫɴ, 20:14

Electro0ne Bytes 🦅

https://x.com/thelilnix/status/1912558357635801536

X (formerly Twitter)

LIL NIX (@thelilnix) on X

When you use "Tagged Templates" (e.g, alert`123`), JavaScript passes something like this to the function:
alert(["123"])
NOTE: Since alert uses "toString" on the given parameter, it becomes ["123"].toString() and then "123".

305 viewsᴍͥᴏᴇͣɪͫɴ, 20:16

Electro0ne Bytes 🦅

https://medium.com/@AlQa3Qa3_M0X0101/how-i-was-able-to-get-account-takeover-via-idor-form-jwt-caaf7ea58aa

How I was able to get account takeover via IDOR form JWT

Hello guys, today I’m gonna explain how I got IDOR and exploit it to make account takeover.

🔥2

327 viewsᴍͥᴏᴇͣɪͫɴ, 20:09

Electro0ne Bytes 🦅

https://seanpesce.blogspot.com/2024/09/exploiting-android-client-webviews-with.html

Exploiting Android Client WebViews with Help from HSTS

TL;DR I discovered a one-click account takeover vulnerability in a popular Indonesian Android app called Tokopedia . Th...

320 viewsᴍͥᴏᴇͣɪͫɴ, 02:10

Electro0ne Bytes 🦅

https://weirdmachine.medium.com/google-cloud-account-takeover-via-url-parsing-confusion-c5e47389b7c7

Google Cloud Account Takeover via URL Parsing Confusion

335 viewsᴍͥᴏᴇͣɪͫɴ, 01:07

Electro0ne Bytes 🦅

https://x.com/garethheyes/status/1920811123923697804

357 viewsᴍͥᴏᴇͣɪͫɴ, 12:03

Electro0ne Bytes 🦅

Forwarded from GitBook - Bug Bounty

Polyglot Payload
qwe'" <x</{{[7*7]}}

#XSS #SQLi #CSTI
@GitBook_s

350 viewsᴍͥᴏᴇͣɪͫɴ, 16:52