BugBounty & Hacking Resources – Telegram
BugBounty & Hacking Resources
@projectzeroTM
1.18K subscribers
22 photos
2 videos
5 files
362 links
Download Telegram
About
Blog
Apps
Platform
Join
BugBounty & Hacking Resources
1.18K subscribers
BugBounty & Hacking Resources
Forwarded from APPSeX
https://x.com/jusxing/status/1941865954985550287?s=46
X (formerly Twitter)
Sky Desperados (@jusxing) on X
I found an interesting vulnerability and wanted to share a brief summary:

There’s an endpoint that uses a unique ID in the URL (/example/123) and binds that ID to the user's PHP session cookie
After the binding, the server responds with a 302 redirect and…
1
616 viewsSepehr
BugBounty & Hacking Resources
https://medusa0xf.medium.com/bypassing-2fa-in-graphql-apis-a-step-by-step-guide-4b73816bd4c3
Medium
Bypassing 2FA in GraphQL APIs: A Step-by-Step Guide
This blog explains how 2FA can be bypassed in GraphQL applications using different techniques.
1👍1
827 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
I was writing a "Security in JavaScript" book, that I explained how you can make an advance XSS payload like this one:

[...{[Symbol.iterator]:\u0061lert.bind(null,'catfather')}]‍‍‍


https://x.com/hoseinshurabi/status/1941905813041201247
111
871 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
BugBounty & Hacking Resources
https://jorianwoltjer.com/blog/p/research/nonce-csp-bypass-using-disk-cache
اینو چند نفر تونستن متوجه بشن میخوام یه آمار بگیرم؟
Anonymous Poll
20%
کامل متوجه شدم🤯
15%
بیشترشو فهمیدم🧐
39%
سخت بود🧐
26%
علاقه ای به کلاینت ساید ندارم🤔
21
61 voters875 viewsMeydi
BugBounty & Hacking Resources
https://flatt.tech/research/posts/why-xss-persists-in-this-frameworks-era/
GMO Flatt Security Research
Why XSS Persists in This Frameworks Era?
Introduction
Hi, I’m canalun (@i_am_canalun
), a security researcher at GMO Flatt Security Inc.
This article explores the question: “Why Does XSS Still Occur So Frequently?” We will delve into why this notorious and classic vulnerability despite the widespread…
2
777 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
These vendors are making our job harder and harder

https://x.com/garethheyes/status/1943258793883648450?s=46
X (formerly Twitter)
Gareth Heyes \u2028 (@garethheyes) on X
These vendors are making our job harder and harder
1
694 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
BugBounty & Hacking Resources
These vendors are making our job harder and harder https://x.com/garethheyes/status/1943258793883648450?s=46
توی نسخه جدید Firefox Nightly، یه تکنیک مخرب به اسم DOM Clobbering بگا رفت!

💡 قبل از این تغییر، اگه یه المنت HTML مثل 
<img name="currentScript">
توی صفحه می‌ذاشتی، می‌تونست مقدار 
 document.currentScript
رو خراب کنی یعنی مرورگر به جای اینکه به <noscript> واقعی اشاره کنه، اون img رو نشون می‌داد 😬

اما حالا:
دیگه نمی‌تونی با name یا id، ویژگی‌های داخلی document رو بازنویسی کنی (مثل document.currentScript, document.forms, document.location و غیره)


<img src=a name=currentScript>
<noscript>
alert(document.currentScript) 
</noscript>
Please open Telegram to view this post
VIEW IN TELEGRAM
10😢4
862 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
BugBounty & Hacking Resources
توی نسخه جدید Firefox Nightly، یه تکنیک مخرب به اسم DOM Clobbering بگا رفت! 💡 قبل از این تغییر، اگه یه المنت HTML مثل <img name="currentScript"> توی صفحه می‌ذاشتی، می‌تونست مقدار document.currentScript رو خراب کنی یعنی مرورگر به جای اینکه به <noscript> واقعی…
Nightly نسخه آزمایشی مرورگر فایرفاکسه که هر شب آپدیت میشه.

این اپدیت هم برای این نسخه اومده هنوز وارد نسخه اصلی نشده
😢1
891 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://x.com/mehdiparandin/status/1943774358326985187?s=46
X (formerly Twitter)
Meydi (@mehdiparandin) on X
I made a challenge based on a real vuln:
https://t.co/YNR5I9kyKn
- The goal of this challenge is to steal the admin’s (victim) API key
- victim will click only once on the attacker's website
- Should work on the latest version of Chromium and FF.

Source…
6
1.78K viewsMeydi
BugBounty & Hacking Resources
BugBounty & Hacking Resources
https://x.com/mehdiparandin/status/1943774358326985187?s=46
حل کردید یا مشکلی بود بهم بگید:
@meydi7
🔥3
969 viewsMeydi
BugBounty & Hacking Resources
https://x.com/stealthybugs/status/1298003177250238464?t=b5JlRANi0Icz37kOZST5YA&s=19
4
980 viewsSepehr
BugBounty & Hacking Resources
https://x.com/mehdiparandin/status/1944807456544317926?s=46
X (formerly Twitter)
Meydi (@mehdiparandin) on X
A tiny blog post of mine about exploiting self-XSS using disk cache—
inspired by @J0R1AN
Hope you like it!

https://t.co/wk3C0kyYI2
1
981 viewsMeydi
BugBounty & Hacking Resources
BugBounty & Hacking Resources
https://x.com/mehdiparandin/status/1943774358326985187?s=46
https://mey-d.github.io/posts/self-xss-disk-cache/

جواب چلنج امیدوارم خوشتون اومده باشه
🔥13🤩1
1.59K viewsMeydi
BugBounty & Hacking Resources
BugBounty & Hacking Resources
https://mey-d.github.io/posts/self-xss-disk-cache/ جواب چلنج امیدوارم خوشتون اومده باشه
7🤣6🔥21
935 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://x.com/BApp_Store/status/1944709094872342708
🔥6
851 viewsSepehr
BugBounty & Hacking Resources
https://medium.com/@sepix/d5460bc1b5b1
Medium
Apex Domain Bruteforcing for Wide Recon
Hello everyone! I hope you’re having a fantastic day. Today, I want to share a technique I personally use when working on targets with…
🔥10
1.05K viewsSepehr
BugBounty & Hacking Resources
https://x.com/kinugawamasato/status/1945926372624384036
X (formerly Twitter)
Masato Kinugawa (@kinugawamasato) on X
<meta http-equiv="refresh" content="0;url='//example.com'@x.com/'">

Chrome redirects to https://t.co/EfE9ZR8cnP, Safari and Firefox redirect to https://t.co/CvRW9BNrQt.
🔥3👌3
1.01K viewsAbolFazl
BugBounty & Hacking Resources
https://jorianwoltjer.com/blog/p/ctf/intigriti-xss-challenge/0725?s=09
jorianwoltjer.com
Intigriti July XSS Challenge (0725) | Jorian Woltjer
My author's writeup of the July 2025 challenge. Perform Mutation XSS to DOM Clobber an change the insertion point into an iframe, then bypass the CSP using a new useful Socket.IO gadget
🔥7
1.25K viewsPouria
BugBounty & Hacking Resources
https://labs.cognisys.group/posts/How-to-Decompile-Hermes-React-Native-Binary/
Cognisys Group Labs
How to Decompile a Hermes React Native Binary (Android Pentest)
Overview
1
1.1K viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://x.com/garethheyes/status/1948388992908419221
31
1.18K viewsAbolFazl
BugBounty & Hacking Resources
https://medium.com/@0xAwali/beyond-web-caching-vulnerabilities-c617d8cdbb85
Medium
Beyond Web Caching Vulnerabilities
Hi In this write-up , I’m going to explain web caching vulnerabilities in more details and put some concepts together .
7
1.29K viewsAbolFazl