CVE-2022-46175: JSON5 Prototype Pollution Vulnerability
https://securityonline.info/cve-2022-46175-json5-prototype-pollution-vulnerability/
https://securityonline.info/cve-2022-46175-json5-prototype-pollution-vulnerability/
Daily CyberSecurity
CVE-2022-46175: JSON5 Prototype Pollution Vulnerability
An attacker could exploit the CVE-2022-46175 flaw to execute arbitrary code or cause a denial of service condition on the system.
👍1
#NahamCon2022EU: RTFR (Read The Bleeping RFC)" by securinti
https://www.youtube.com/watch?v=4ZsTKvfP1g0
https://www.youtube.com/watch?v=4ZsTKvfP1g0
YouTube
#NahamCon2022EU: RTFR (Read The Bleeping RFC)" by securinti
#NahamCon2022EU is a virtual offensive security. This year's event was hosted by Farah Hawa & InsidePhD!
Thank you to our sponsors for making this conference happen!
Halborn - halborn.com
Project Circuit Breaker - projectcircuitbreaker.com
Android - google.com…
Thank you to our sponsors for making this conference happen!
Halborn - halborn.com
Project Circuit Breaker - projectcircuitbreaker.com
Android - google.com…
👍5🤔2
XXE (XML EXTERNAL ENTITY) Injection
https://medium.com/@rajeevranjancom/xxe-xml-external-entity-injection-c3f91d74c6c3
https://medium.com/@rajeevranjancom/xxe-xml-external-entity-injection-c3f91d74c6c3
Medium
XXE (XML EXTERNAL ENTITY) Injection
What is XML external entity injection?
👍7🔥1
Stored XSS vulnerability in Microsoft booking
https://mtechghost.medium.com/stored-xss-vulnerability-in-microsoft-booking-e593de3344e0
https://mtechghost.medium.com/stored-xss-vulnerability-in-microsoft-booking-e593de3344e0
Medium
Stored XSS vulnerability in Microsoft booking
This blog is regarding my finding on microsoft 365. One fine day I was working in my office and I received calendar invite from my…
❤10👍3
This is our report stats for 2022!
We want to thank the all #bugbounty community for trusting us and sharing those awesome writeups, tools and tips
Telegram:
+4M Views
+900 Posts
+24k Subscribers
Twitter:
+3M Impressions
+780 Tweets
+18k Followers
Happy Hunting!
We want to thank the all #bugbounty community for trusting us and sharing those awesome writeups, tools and tips
Telegram:
+4M Views
+900 Posts
+24k Subscribers
Twitter:
+3M Impressions
+780 Tweets
+18k Followers
Happy Hunting!
🔥44👍11❤9😁2
Microsoft bug reports lead to ranking on Microsoft MSRC Quarterly Leaderboard (Q3 2022)
https://medium.com/supakiad-s-m3ez/microsoft-bug-reports-lead-to-ranking-on-microsoft-msrc-quarterly-leaderboard-q3-2022-c6c9f70e2ccd
https://medium.com/supakiad-s-m3ez/microsoft-bug-reports-lead-to-ranking-on-microsoft-msrc-quarterly-leaderboard-q3-2022-c6c9f70e2ccd
Medium
Microsoft bug reports lead to ranking on Microsoft MSRC Quarterly Leaderboard (Q3 2022)
I rank 44th on the Microsoft MSRC Quarterly Leaderboard from my security bug reports submitted
👍3❤1
Bug Bytes #187 – NahamCon, IWCon, Hacking Misconceptions, Scaling Recon and Jason’s Pentest
https://blog.intigriti.com/2022/12/28/bug-bytes-187-nahamcon-iwcon-hacking-misconceptions-scaling-recon-and-jasons-pentest/
https://blog.intigriti.com/2022/12/28/bug-bytes-187-nahamcon-iwcon-hacking-misconceptions-scaling-recon-and-jasons-pentest/
Intigriti
Bug Bytes #187 - NahamCon, IWCon, Hacking Misconceptions, Scaling Recon and Jason's Pentest
Dive into Bug Bytes #187, covering NahamCon, IWCon, hacking misconceptions, scaling recon, and insights from Jason's pentest experiences.
👍4
Turning Google smart speakers into wiretaps for $100k
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
Matt's internet home
Turning Google smart speakers into wiretaps for $100k
I was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a "backdoor" account on the device, enabling them to send commands…
👍3🔥2
Exploring the World of ESI Injection
https://sudhanshur705.medium.com/exploring-the-world-of-esi-injection-b86234e66f91
https://sudhanshur705.medium.com/exploring-the-world-of-esi-injection-b86234e66f91
Medium
Exploring the World of ESI Injection
Heyyy Everyoneee,
Mosca - Manual search tool to find bugs like a grep unix command - Beta
https://github.com/CoolerVoid/Mosca
https://github.com/CoolerVoid/Mosca
👍1
BufferPwn: RCE vulnerability in the common network code of several first party Nintendo games since the Nintendo 3DS
https://github.com/PabloMK7/ENLBufferPwn
https://github.com/PabloMK7/ENLBufferPwn
GitHub
GitHub - PabloMK7/ENLBufferPwn: Information and PoC about the ENLBufferPwn vulnerability
Information and PoC about the ENLBufferPwn vulnerability - PabloMK7/ENLBufferPwn
Account Takeover Due to Cognito Misconfiguration Earns Me €xxxx
https://medium.com/@mukundbhuva/account-takeover-due-to-cognito-misconfiguration-earns-me-xxxx-3a7b8bb9a619
https://medium.com/@mukundbhuva/account-takeover-due-to-cognito-misconfiguration-earns-me-xxxx-3a7b8bb9a619
Medium
Account Takeover Due to Cognito Misconfiguration Earns Me €xxxx
Hello Guys, I haven’t written anything in a long time.
👍3
Get an Edge with ChatGPT: 10 Ways It Can Benefit Smart Contract Auditors and Bug Bounty Hunters
https://wefuzz.medium.com/get-an-edge-with-chatgpt-10-ways-it-can-benefit-smart-contract-auditors-and-bug-bounty-hunters-790222d63214
https://wefuzz.medium.com/get-an-edge-with-chatgpt-10-ways-it-can-benefit-smart-contract-auditors-and-bug-bounty-hunters-790222d63214
Medium
Get an Edge with ChatGPT: 10 Ways It Can Benefit Smart Contract Auditors and Bug Bounty Hunters
ChatGPT
👍1
Difficulty of Reproducing Old Exploits (Part 1)
https://medium.com/@Brian.IsMeta/difficulty-of-reproducing-old-exploits-a613da2c2143
https://medium.com/@Brian.IsMeta/difficulty-of-reproducing-old-exploits-a613da2c2143
Medium
Difficulty of Reproducing Old Exploits
I tried to follow the Immunefi article to reproduce the Fei protocol exploit, published June 2021, but it is now December 2022. Hours (even…
Difficulty of Reproducing Old Exploits (Part 2)
https://medium.com/@Brian.IsMeta/difficulty-of-reproducing-old-exploits-part-two-3c2db88232e5
https://medium.com/@Brian.IsMeta/difficulty-of-reproducing-old-exploits-part-two-3c2db88232e5
Medium
Difficulty of Reproducing Old Exploits (Part Two)
In Part One, I described my journey to try to reproduce the Fei protocol exploit, following an article by Lucash-dev written for Immunefi.
👍1