Web_Priv8

HACKING GraphQL FOR BEGINNERS + GIVEAWAY!

#API
#Graphql

@web_priv8

688 viewsr00t98, 14:43

رایت آپ کشف باگ SSRF در grafana.com

https://rhynorater.github.io/CVE-2020-13379-Write-Up

#writeup
#bugbounty
#ssrf

@sec_nerd

rhynorater.github.io

CVE-2020-13379

Unauthenticated Full-Read SSRF in Grafana

343 viewsr00t98, 17:51

Web_Priv8

Forwarded from امنیت اطلاعات

Mysql waf bypasses to cash on SQL-Injection bugs

1. select '\f\l\a\g'='flag'; // This is true
2. All are same
* select 'abcd';
* select 0x61626364;
* select 0b01100001011000100110001101100100;
3. select 'admin' = 'àdmin'; // is true if utf8 is allowed

#bugbounty
#sqli

@sec_nerd

366 viewsr00t98, 18:32

Web_Priv8

Accessing Localhost via Vhost | VIRTUAL HOST ENUMERATION

https://blog.securitybreached.org/2017/11/04/access-localhost-via-virtual-host-virtual-host-enumeration/

#Vhost
#BugBounty
#BugBountyTip

@web_priv8

Security Breached Blog

Accessing Localhost via Vhost | VIRTUAL HOST ENUMERATION

The Blog post is about what are Virtual Host, how U can Enumerate them and get access to the vulnerable system, including POC of resent BugBounty Report.

445 viewsr00t98, 08:21

Web_Priv8

Bug Bounty Tips #1
https://www.infosecmatter.com/bug-bounty-tips-1/

Bug Bounty Tips #2
https://www.infosecmatter.com/bug-bounty-tips-2-jun-30/

Bug Bounty Tips #3
https://www.infosecmatter.com/bug-bounty-tips-3-jul-21/

Bug Bounty Tips #4
https://www.infosecmatter.com/bug-bounty-tips-4-aug-03/

#BugBounty
#BugBountyTip

@web_priv8

InfosecMatter

Bug Bounty Tips #1 - InfosecMatter

Heartbleed vulnerability, Use grep to extract URLs, Extract information from APK, Extract zip file remotely, Top 25 open redirect dorks, JWT token bypass, Finding subdomains, Curl + parallels one-liner, Simple XSS check, Filter out noise from Burp Suite

565 viewsr00t98, edited 09:23

Web_Priv8

Black Hat USA: Your guide to the top web hacking sessions in 2020

https://portswigger.net/daily-swig/amp/black-hat-usa-your-guide-to-the-top-web-hacking-sessions-in-2020

#Blackhat

@web_priv8

388 viewsr00t98, 18:32

Web_Priv8

The Accidental RCE

https://medium.com/@__mr_beast__/the-accidental-rce-7ceef9cee179

#RCE
#Upload
#BugBounty

@web_priv8

Medium

The Accidental RCE

Hey everyone,

401 viewsr00t98, 08:40

Web_Priv8

Steal input DATA’s with CSS File injection

https://link.medium.com/6wGNHfL0F8

#CSSI
#BugBounty
#BugBountyTip

@web_priv8

384 viewsr00t98, edited 12:56

Web_Priv8

#PHP
#TypeJuggling

@web_priv8

394 viewsr00t98, edited 13:03

Web_Priv8

#JWT
#BugBounty
#BugBountyTip

@web_priv8

374 viewsr00t98, 13:17

Web_Priv8

How I was Able To bypass CloudFlare WAF

https://link.medium.com/HZR2xGPHH8

#CDN
#WAF
#Bypass
#CloudFlare
#BugBounty

@web_priv8

541 viewsr00t98, edited 13:25

Web_Priv8

https://youtu.be/jMLVqYIwd_o

#WSL
#Windows
#BugBounty

@web_priv8

YouTube

WSL 2 for BUG BOUNTIES!

DO VIDEOS NEED PIZZA: https://www.buymeacoffee.com/ceos3c
00:00 - Intro
2:38 - Checking Windows Version
4:43 - Installing WSL 2
8:00 - Choosing a WSL 2 Flavor (Distribution)
11:00 - Installing Windows Terminal
13:15 - Customizing Windows Terminal
19:30 -…

507 viewsr00t98, 14:06

Web_Priv8

Forwarded from digMeMore (r00t98)

1:20

This media is not supported in your browser

VIEW IN TELEGRAM

Google Account XSSI

آسیب پذیری XSSI جایی رخ میده که یکسری اطلاعات حساس داخل فایل های جاوااسکریپت قرار میگیره و از اونجایی که SOP واس src کردن فایل های جاوااسکریپت محدودیت نداره اجازه میده که فایل src شه و اطلاعات کاربر خونده شه.

#XSSI
#BugBounty

@digmemore

307 viewsr00t98, 14:26

Web_Priv8

Web Cache Entanglement: Novel Pathways to Poisoning

https://portswigger.net/research/web-cache-entanglement

#WCP

@web_priv8

379 viewsr00t98, edited 03:36

Web_Priv8

How i find Blind Remote Code Execution vulnerability

https://medium.com/@viveik.chauhan/blind-remote-code-execution-b9c4e119f7c3

#RCE
#Blind
#BugBounty

@web_priv8

Medium

Blind Remote Code Execution

Introduction

419 viewsr00t98, 12:56

Web_Priv8

HTTP Request Smuggling in 2020

#Smuggling
#Book

@web_priv8