Code PoC can be found here: https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome

File System Access API - vulnerabilities found by Maciej Pulikowski ( pulik.io )
This is my first video on youtube 🤩 So sorry for the weak video edit 😊
Keep it safe!…

بسم الله الرحمن الرحيم

**Summary:** `
vpn.inverselink.com` points to `54.202.130.246`, which is currently serving a TLS certificate for `Workday, Inc`. This seems to indicate that the subdomain is no longer controlled by...

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comp...

Ah, Google research grants, how effective you are! It seems as if exactly in these times when my energy levels are low, and I just-can’t-get-motivated to sit down and do something, exactly then a new ‘research grant’ lands in my mailbox and kicks me into…

Intro The OAuth2 authorization protocol has been under fire for the past ten years. You've probably already heard about plenty of "return_uri" tricks, token leakages, CSRF-style attacks on clients, an

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comp...

Since the release of Browser powered scanning back in Burp Suite Professional 2020.8.1 we have had a lot of customers asking us about our motivation for choosing to integrate with Chromium and fo

A Tale of how I used an Application’s feature against itself to give rise to a Stored Cross Site Scripting vulnerability…Relax & Enjoy 😁❤

So you are performing a pentest on an android app and you have got into a situation where basic certificate pinning bypass doesn’t work. Or you have been dealing with custom protocol instead of good ol’ HTTP. The goal of this post is to teach you how to capture…

After the research on Site Isolation, it became clear that the most common problem with extensions is calling chrome.tabs.create with a URL received from a content noscript message. While such a bug can be used to steal local files, it can also open up an interesting…

Collection of useful features in Burp Suite Application

Product: McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 Type: OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards Summary: Unvali...

XSS with CSRF Bypass

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

For the latest addition to YesWeHack’s Dojo series, we’re faced with the challenge of fetching the secret that EvilCorp2.0 is storing on…

I’ve spent the best part of the last 10 years triaging Bug Bounty reports that are submitted to the various cloud service providers that…

## Report Summary:

We found an SSRF at https://image.api.np.km.playstation.net/

Vulnerable endpoints: `/images` , `/dis/images`. using image GET parameter.

##Denoscription

This endpoint allows...

Hello Mates,

Buy burpsuite.guide for 100 on GoDaddy via ExpiredDomains.com. This premium expired .guide domain is ideal for establishing a strong online identity.