unSafe.sh - Unsafe
Rejected but Rewarded — What a GraphQL Misconfiguration Taught Me About Bug Bounty Triage.
By kjulius. Responsible disclosure submitted. No mutati...
2026-5-25 09:5:9 | Reads: 21
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
graphiql
sizepoc
triage
mutation
Rejected but Rewarded — What a GraphQL Misconfiguration Taught Me About Bug Bounty Triage.
By kjulius. Responsible disclosure submitted. No mutati...
2026-5-25 09:5:9 | Reads: 23
InfoSec Write-ups - Medium - infosecwriteups.com
graphiql
sizepoc
triage
mutation
Dev Diaries TryHackMe Walkthrough
Task 1. Challenge. The room starts with a simple OSINT...
2026-5-23 08:19:29 | Reads: 42
InfoSec Write-ups - Medium - infosecwriteups.com
github
marvenly
repository
subdomain
development
SSRF in APIs: How a Single URL Parameter Can Expose Internal Systems
A single misconfigured URL parameter can allow an attacker to abuse server-side requests and potenti...
2026-5-23 08:19:23 | Reads: 27
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
ssrf
mechanic
attackers
outbound
SSRF in APIs: How a Single URL Parameter Can Expose Internal Systems
A single misconfigured URL parameter can allow an attacker to abuse server-side requests and potenti...
2026-5-23 08:19:23 | Reads: 25
InfoSec Write-ups - Medium - infosecwriteups.com
ssrf
security
outbound
waiter
mechanic
Auth Mastery Part 1: Credential Types curl Handles
The server tells you exactly which auth scheme it wants. Most people never read that line.
2026-5-23 08:19:17 | Reads: 21
InfoSec Write-ups - Medium - infosecwriteups.com
digest
realm
401
httpbin
How Hackers Are Manipulating AI Using Prompt Injection
Before We Begin Let’s Understand What Even Is AI? Artificial Intelligence, in the context we’re talki...
2026-5-23 08:18:50 | Reads: 19
InfoSec Write-ups - Medium - infosecwriteups.com
magical
prompts
refers
claude
coherent
Ninja Skills — TryHackMe Walkthrough
Introduction: Some people skip rooms like this because...
2026-5-23 08:18:35 | Reads: 21
InfoSec Write-ups - Medium - infosecwriteups.com
d8b3
bny0
x1uy
8v2l
v2vb
Poster TryHackMe Walkthrough | PostgreSQL Exploitation & Privilege Escalation
Introduction: In this walkthrough, I solved the Poster room from TryHackMe. The room focuses on Postgr...
2026-5-23 08:18:27 | Reads: 25
InfoSec Write-ups - Medium - infosecwriteups.com
auxiliary
alison
searched
sizethe
database
A Simple Session Management Bug Every Beginner Bug Hunter Should Test.
By kjulius. When beginners start bug bounty hunting, mo...
2026-5-23 08:18:9 | Reads: 18
InfoSec Write-ups - Medium - infosecwriteups.com
logout
sizepoc
beginner
continued
“Bug Bounty Bootcamp #38: SSRF Chaining — Bypassing Domain Whitelists with Open Redirects and PDF…
You found an SSRF, but the server only allows URLs from trusted.com. Game over? Not if trusted.com h...
2026-5-23 08:18:0 | Reads: 19
InfoSec Write-ups - Medium - infosecwriteups.com
ssrf
whitelist
gate
whitelists
wall
Recon Isn’t Just Technical — It’s Psychological
2026-5-23 08:17:46 | Reads: 23
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
humans
forgotten
stalk
yeah
weirdly
Recon Isn’t Just Technical — It’s Psychological
2026-5-23 08:17:46 | Reads: 9
InfoSec Write-ups - Medium - infosecwriteups.com
humans
stalk
forgotten
panels
permanent
Finding & Exploiting Exposed Google API Keys for Bug $Bounties
Turn exposed Google API keys into real-world impact by accessing Gemini and other Google services fo...
2026-5-23 08:17:36 | Reads: 21
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
gemini
validating
treated
assumed
Finding & Exploiting Exposed Google API Keys for Bug $Bounties
Turn exposed Google API keys into real-world impact by accessing Gemini and other Google services fo...
2026-5-23 08:17:36 | Reads: 8
InfoSec Write-ups - Medium - infosecwriteups.com
gemini
automating
discovering
treated
assumed
How Malware Hides Inside ZIP Files & Why Most Defenses Still Miss It
The other day I was reading an article about zip file...
2026-5-21 08:34:13 | Reads: 24
InfoSec Write-ups - Medium - infosecwriteups.com
phishing
payload
attackers
analysis
chains
Assertion101 Proving Grounds Walkthrough (Intermediate) | Complete Write-Up
The first step in approaching this machine was reconnaissance. Understanding which services were exp...
2026-5-21 08:33:59 | Reads: 22
InfoSec Write-ups - Medium - infosecwriteups.com
ssh
aria2c
machine
payload
passwd
The Loud Failure: How a Broken WebSocket Leaked a Master Key to the Backend
In bug bounty hunting, we often spend a lot of time l...
2026-5-21 08:33:48 | Reads: 21
InfoSec Write-ups - Medium - infosecwriteups.com
baas
client
frontend
scoped
36origin
Bug Bounty Bootcamp #37: SSRF in PDFs, Screenshots, and Bypassing Localhost Filters
You found a PDF generator that fetches URLs. The developer blocked localhost and 127.0.0.1. Game ove...
2026-5-21 08:32:25 | Reads: 23
InfoSec Write-ups - Medium - infosecwriteups.com
ssrf
webpage
focuses
linkwelcome
Can Pure Modbus Break a Reactor? Oldsmar, Stuxnet & FrostyGoop, Tested
You can speak Modbus to a chemical reactor as freely as its own engineer. Breaking it, though, isn’t...
2026-5-21 08:31:28 | Reads: 21
InfoSec Write-ups - Medium - infosecwriteups.com
setpoint
plc
502
modbus
mbtget