BugBounty & Hacking Resources – Telegram
BugBounty & Hacking Resources
@projectzeroTM
1.17K subscribers
21 photos
2 videos
5 files
361 links
Download Telegram
About
Blog
Apps
Platform
Join
BugBounty & Hacking Resources
1.17K subscribers
BugBounty & Hacking Resources
https://x.com/ataturk1925/status/1984956238560444732?s=46


نادر و پوریا از هانترای خفن قراره یه ایونت بذارن 🎤

حتما جوین دیسکوردشون بشید:

https://discord.com/invite/gRgv3MBBv6
Please open Telegram to view this post
VIEW IN TELEGRAM
X (formerly Twitter)
nader abdi (@AtaTurk1925) on X
قراره تو یه ایونت، تجربه‌هامون از هانت کردن روی متا(فیسبوک، اینستاگرام،...) و تکنولوژی‌هایی که متا استفاده می‌کنه ابزار های که توسعه داده شده رو باهاتون به اشتراک بذاریم! زمان لایو برا هفته آینده اس تایم دقیق هم خود چنل میذاریم.

📺 سه تا لایو داریم که با…
🔥10
1.06K viewsMeydi
BugBounty & Hacking Resources
https://hacktus.tech/how-a-fixed-idor-and-an-empty-string-led-to-5-million-file-leaks

#idor
Hacktus
How a "Fixed" IDOR and an Empty String Led to 5 Million+ File Leaks
When I start looking at a target in finance, medical, etc, I always go for the most valuable data. In this case, on a major application we'll call "Redacted Corp," that meant file uploads. Invoices, personal documents, signatures... all the PII.
Part...
👍8
851 viewsMeydi
BugBounty & Hacking Resources
From path-based middleware protection bypass to potential SSRF & XSS + full bypass of CVE-2025-61925 on @astrodotbuild

https://zhero-web-sec.github.io/research-and-things/astro-framework-and-standards-weaponization
zhero_web_security
Astro framework and standards weaponization
CVE-2025-64525
84
746 views| | Sharo K h | |
BugBounty & Hacking Resources
CVE-2025-64484

oauth2-proxy:
A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.

باگش این بوده که هدر های X-Forwarded-* رو اتکر میتونسته اسماگل کنه.
سرویس oauth2-proxy این دوتا هدر رو جدا در نظر میگرفته:

X-Forwarded-User
X_Forwarded-User


خب حالا چه اتفاقی میوفته؟
زمانی که این درخواست سمت اپلیکیشن های مثل (nginx, Envoy, Rails) میره, این اپلیکیشن ها هدر X_Forwarded-User رو نرمالایز میکنن و تبدیل میشه به X-Forwarded-User و اگه دوتا هدر شبیه هم وجود داشته باشه پایینی رو در نظر میگیرن که همون هدر اسماگل شده ی اتکر هستش


Report Detail
https://gist.github.com/N3mes1s/a1144f6a546600d8f34babf35976b9c5

Oauth2-Proxy
http://github.com/oauth2-proxy/oauth2-proxy
Gist
OAuth2 Proxy underscore header smuggling (CVE-2025-64484 / GHSA-vjrc-mh2v-45x6)
OAuth2 Proxy underscore header smuggling (CVE-2025-64484 / GHSA-vjrc-mh2v-45x6) - CVE-2025-64484.md
10🔥3
969 views| | Sharo K h | |
BugBounty & Hacking Resources
Unlocking Reflected XSS in the Astro framework

https://zhero-web-sec.github.io/research-and-things/unlocking-reflected-xss-in-the-astro-framework
zhero_web_security
Unlocking Reflected XSS in the Astro framework
CVE-2025-64764
7
947 views| | Sharo K h | |
BugBounty & Hacking Resources
https://bugbountydaily.com/
Bugbountydaily
Bug Bounty Daily
The ultimate reading list for bug bounty hunters. Discover curated articles and resources, track your progress, and stay ahead in cybersecurity.
9
1.04K viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://x.com/slonser_/status/1992913762333168052?s=46
X (formerly Twitter)
slonser (@slonser_) on X
Today I discovered an SQLi vulnerability in a PostgreSQL application where the injection point was path-based with strict length restriction (32 chars). Spaces, slashes, quotes, and parentheses e.t.c. resulted in a 400 Bad Request error and the path wasn't…
32👍2
802 viewsMeydi
BugBounty & Hacking Resources
https://x.com/Jayesh25_/status/1725429962931335599
X (formerly Twitter)
Jayesh Madnani (@Jayesh25_) on X
Bug Bounty Tips: 🐛🔐 Unlocking Important Resources with Email Verification Bypass

Working on a target where email verification is crucial? Imagine a scenario where gaining access to a specific domain, like example[.]com, could grant you entry into a victim's…
2
614 viewsSepehr
BugBounty & Hacking Resources
https://x.com/_jensec/status/1292846852010721280
X (formerly Twitter)
Jenish Sojitra (@_jensec) on X
#bugbountytips #bugbounty
How I was able to find multiple critical vulnerabilities to get Full Account Takeover with the help of PlayStore and AppStore region settings.
2
604 viewsSepehr
BugBounty & Hacking Resources
https://lab.ctbb.show/research/write-path-traversal-to-RCE-art-department
Critical Thinking - Bug Bounty Podcast
Write Path Traversal to a RCE Art Department
Abusing Write Path Traversal for Living Off the Land Remote Code Execution
3
544 viewsSepehr
BugBounty & Hacking Resources
https://blog.criticalthinkingpodcast.io/p/hackernotes-ep86-xcorrelation-frans-rce-research-drop
Critical Thinking - Bug Bounty Podcast
[HackerNotes Ep.86] The X-Correlation between Frans & RCE - Research Drop
Frans Rosen and Justin sit down to discuss and drop gold on X-correlation injection, with impacts and POCs ranging from JSON injection to RCE.
6
649 viewsSepehr
BugBounty & Hacking Resources
https://x.com/zseano/status/1995585425856147840
X (formerly Twitter)
zseano (@zseano) on X
akamai waf is SO fun to fuck with. managed to bypass it with this in a JSON request (which then saved my input and output it on another endpoint)

{"ID":'0<h2 onpointerrawupdate="/*','*/prompt``">':"xss"

using onpointerrawupdate=' got blocked by waf. but…
3
497 viewsAbolFazl
BugBounty & Hacking Resources
https://blog.mirzadzare.net/from-log-in-with-oauth-to-your-account-is-mine-desktop-app-edition
Blog | Mirzadzare (Spix0r)
OAuth Vulnerabilities in Desktop Apps
Security flaw in desktop app OAuth allows account takeover with malicious links. Understand attack steps, why it works, and fix strategies
7
710 viewsSepehr
BugBounty & Hacking Resources
InQL New Version

https://github.com/doyensec/inql/releases/tag/v6.1.0
3
2.09K views| | Sharo K h | |
BugBounty & Hacking Resources
https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/
Searchlight Cyber
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) › Searchlight Cyber
This morning, an advisory was released for Next.js about a vulnerability that leads to RCE in default configurations, with no prerequisites. The root cause of this issue lies in React Server Components, which Next.js utilizes. Over the last day, we have noticed…
3
604 viewsMeydi
BugBounty & Hacking Resources
BugBounty & Hacking Resources
https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/
اگه توی سایتتون از react-based فریم ورک ها (RSC)استفاده میکنید
سریع برید اپدیت کنید
3
728 viewsMeydi
BugBounty & Hacking Resources
BugBounty & Hacking Resources
https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/
اینو خود ریسرچرش گفته:

https://react2shell.com/
7🤣1
632 views| | Sharo K h | |
BugBounty & Hacking Resources
BugBounty & Hacking Resources
https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/
https://github.com/assetnote/react2shell-scanner
GitHub
GitHub - assetnote/react2shell-scanner: High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) - assetnote/react2shell-scanner
👍43
1.04K views| | Sharo K h | |
BugBounty & Hacking Resources
https://x.com/moeinerfanian/status/1996613520339693929
X (formerly Twitter)
MOEIN (@moeinerfanian) on X
For anyone doing recon with the Wayback Machine, sifting through CDX results can be tedious and noisy — tons of historical URLs, not all relevant. To make it easier, I created wayback-cdx-filter, a browser extension that lets you filter out unwanted domains…
9
900 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://x.com/galnagli/status/1996675296959812065?s=20
X (formerly Twitter)
Nagli (@galnagli) on X
This is the most reliable public detection (at this time) to indicate whether a machine is actually exploitable to CVE-2025-55182 / React2Shell without invoking the RCE and limited FP's.

it triggers an internal error and validates the vulnerable version…
6
639 viewsSepehr