unSafe.sh - Not Safe
Applying the old school hacking to bug hunting
Or, documentation + source code = knowledge, profit(?) I’m a big fan of the old school approach to ha...
2020-12-02 09:46:43 | Views: 260 | medium.com
jira
ffuf
wappalyzer
slashes
pfed
The YouTube bug that allowed unlisted uploads to any channel
It was late June when I received an invitation to test out a new product from YouTube: a video build...
2020-12-01 07:37:09 | Views: 262 | medium.com
youtube
6e4b
unlisted
beca
Bcrypt — Account TakeOver Due To Weak Encryption — #HR51KDB
Hey Fellas! I hope you all are doing good and safe. Thank you so much for showing your interest in m...
2020-11-29 22:08:10 | Views: 288 | medium.com
otp
bcrypt
otppassword
debcrypt
ato
Testing for Directory or Path Traversal Vulnerabilities
In this article, we’ll be discussing, how to perform Directory Traversal or Path Traversal attacks,...
2020-11-29 20:06:26 | Views: 330 | medium.com
windows
testsite
sequences
slash
attacker
Reflected Cross Site Scripting on Private Program (Bounty:750$)
Hi guys, this is my first English write-up, so I’m sorry for my bad English grammar. Obviously, I dis...
2020-11-27 16:03:12 | Views: 271 | medium.com
sorry
exploring
payload
blur
guys
Beginners Guide: VPS Setup for Bug Bounty Recon Automation
Hello, All. My name is Ranjan. I am a final year CS undergrad and a part-time bug bounty hunter. Due...
2020-11-25 19:22:28 | Views: 405 | medium.com
ssh
cloud
username
bothra
How I Found The Facebook Messenger Leaking Access Token Of Million Users
Hi everyone, This blog is about how I found the Facebook Messenger iOS App Leaking Access Token Of Mi...
2020-11-23 09:30:29 | Views: 292 | medium.com
facebook
messenger
burp
texted
leaking
The First Bounty Target (Disclosing Multiple Reports)
Hello, First of all, sorry for not posting for such a long period of time. I was really busy in this...
2020-11-22 07:22:41 | Views: 286 | medium.com
burp
victim
posting
pii
ordered
Interesting case of SQLi
Hey everyone, didn’t get time this year to blog about my findings. But this one, I found around 2–3...
2020-11-22 05:18:43 | Views: 281 | medium.com
bla
synack
youtube
invoicing
SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software
I omitted the application name as it was private program. While registering for an application, I hav...
2020-11-22 03:21:17 | Views: 321 | medium.com
passwd
sessionid
wsdl
rrr
asd
Commenting on a post by opening it via page’s news-feed goes from a wrong actor (i.e.
This writeup is about an easy catch in Facebook Lite that led me to win a bug bounty from Facebook u...
2020-11-21 19:34:23 | Views: 304 | medium.com
facebook
friday
wednesday
2020asked
saturday
Unauthenticated Account Takeover Through HTTP Leak
I used “app” keyword in place of application name as it was private program. While testing a forget p...
2020-11-20 04:37:40 | Views: 247 | medium.com
attacker
emailbody
victim
sanitized
injection
CVE-2020–24723
Tale of Stored XSS Leads to admin account takeover. Mayur Parmar, Nov 17 · 2 min read. CVE: https://cve.mit...
2020-11-19 19:34:03 | Views: 272 | medium.com
th3cyb3rc0p
payload
phpgurukul
enhttps
parmar
2FA Bypass On Instagram Through A Vulnerable Endpoint
This report is about the missing 2FA check on Instagram login when a user uses the ‘Secure account h...
2020-11-19 01:42:09 | Views: 296 | medium.com
victim
attacker
replaces
security
User’s private watched videos’ List, saved videos, etc.
This writeup is about a vulnerability exposing user’s private watched videos list, saved videos, sha...
2020-11-18 18:37:15 | Views: 233 | medium.com
facebook
unlocking
watched
thursday
intruder
Javascript Files Recon
A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and...
2020-11-18 01:58:23 | Views: 341 | medium.com
nutshell
publication
hackrew
ups
bounties
Automating XSS using Dalfox, GF and Waybackurls
2020-11-17 17:06:35 | Views: 853 | medium.com
testphp
gf
bybuilding
maintained
testxss
Optimizing Hunting Results in VDP for use in Bug Bounty Programs — From Sensitive Information…
As usual, I will try to release this write-up with two different approaches, which are: For those who...
2020-11-17 11:05:45 | Views: 225 | medium.com
tld
inshaallah
subdomain
jira
Getting Started with Penetration Testing and dealing with everyday Mood and Motivation
It’s all about the right Mindset and Consistency! I would assume you already know what Penetration Te...
2020-11-17 03:18:18 | Views: 337 | medium.com
hackthebox
vulnhubs
earn
hackerone
Attacking JSON Web Tokens (JWTs)
Forge the token to gain unauthorized access! Made by me :) JSON Web Token is commonly used for authori...
2020-11-16 22:14:17 | Views: 289 | medium.com
hs256
rs256
python3
jwks
payload