GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1690045 - Bounty: $1000 [Source]
GitHub Security Lab disclosed a bug submitted by smehta23: https://hackerone.com/reports/1678405 - Bounty: $1800 [Source]
Reddit disclosed a bug submitted by ahacker1: https://hackerone.com/reports/1656380 - Bounty: $1000 [Source]
Cloudflare Public Bug Bounty disclosed a bug submitted by ydvanjali: https://hackerone.com/reports/1664974 - Bounty: $250 [Source]
Informatica disclosed a bug submitted by isumitpatel: https://hackerone.com/reports/994612 [Source]
Nextcloud disclosed a bug submitted by bjoernv: https://hackerone.com/reports/1606961 - Bounty: $100 [Source]
TikTok disclosed a bug submitted by ckerha: https://hackerone.com/reports/1199965 - Bounty: $170 [Source]
Reddit disclosed a bug submitted by criptex: https://hackerone.com/reports/1661113 - Bounty: $5000 [Source]
Reddit disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1285081 - Bounty: $200 [Source]
Reddit disclosed a bug submitted by heckintosh: https://hackerone.com/reports/1606957 - Bounty: $100 [Source]
Cloudflare Public Bug Bounty disclosed a bug submitted by lohigowda: https://hackerone.com/reports/1675730 - Bounty: $250 [Source]
Cloudflare Public Bug Bounty disclosed a bug submitted by path_network: https://hackerone.com/reports/1636320 - Bounty: $500 [Source]
Yelp disclosed a bug submitted by irfadps: https://hackerone.com/reports/1714970 [Source]
Flickr disclosed a bug submitted by stevejubs: https://hackerone.com/reports/1581258 - Bounty: $258 [Source]
Judge.me disclosed a bug submitted by penguinshelp: https://hackerone.com/reports/1595905 - Bounty: $500 [Source]
Node.js disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1632921 [Source]
Cloudflare Public Bug Bounty disclosed a bug submitted by albertspedersen: https://hackerone.com/reports/1700276 - Bounty: $1125 [Source]
Slack disclosed a bug submitted by security_warrior: https://hackerone.com/reports/1661310 - Bounty: $250 [Source]
8x8 disclosed a bug submitted by rajauzairabdullah: https://hackerone.com/reports/790846 [Source]
Yelp disclosed a bug submitted by raja404: https://hackerone.com/reports/1712240 [Source]
Yelp disclosed a bug submitted by er_salil: https://hackerone.com/reports/1023773 [Source]
Yelp disclosed a bug submitted by qualwin3001: https://hackerone.com/reports/1707616 [Source]
Reddit disclosed a bug submitted by criptex: https://hackerone.com/reports/1051373 - Bounty: $5000 [Source]
U.S. Dept Of Defense disclosed a bug submitted by thpless: https://hackerone.com/reports/1624152 - Bounty: $500 [Source]
Adobe disclosed a bug submitted by gdattacker: https://hackerone.com/reports/1661914 [Source]
MTN Group disclosed a bug submitted by possowski: https://hackerone.com/reports/1646248 [Source]
Internet Bug Bounty disclosed a bug submitted by happyhacking123: https://hackerone.com/reports/1664019 - Bounty: $600 [Source]
Internet Bug Bounty disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1663788 - Bounty: $1200 [Source]
Have you ever wished Google Assistant could read you the articles in your Feedly? Now it can. Nick Felker has created a Google Assistant Action that integrates Google Assistant and Feedly. Thanks to the Feedly action, Google Assistant can list the headlines in your feeds, read specific articles, and even...
Easily track key business events like funding events, product launches, or partnerships. Industries are changing at a faster pace than ever. Keeping up with new threats and opportunities can be overwhelming and time-consuming. Today, we’re excited to announce a new Leo skill that lets you easily track key strategic moves...
We’re excited to launch a new version of the Feedly Web UI that improves the navigation and adds support for a cool dark theme. Here’s a quick demo of the new Feedly dark theme and left navigation bar updates: More visible Add Content (+) The profile and add content are...
The post New reward system to accelerate learning and growth on Detectify appeared first on Detectify Labs. [Source]
The post How To Hack Web Applications in 2022: Part 2 appeared first on Detectify Labs. [Source]
The post SSRF vulnerabilities and where to find them appeared first on Detectify Labs. [Source]
The post Module disclosures now available for hackers on Detectify Crowdsource appeared first on Detectify Labs. [Source]
The post Account hijacking using “dirty dancing” in sign-in OAuth-flows appeared first on Detectify Labs. [Source]
The post Common Security Vulnerabilities in Core AWS Services: Exploitation and Mitigation appeared first on Detectify Labs. [Source]
The post How to: Look for TLS private keys on Docker Hub appeared first on Detectify Labs. [Source]
The post Hack with ‘goodfaith’ – A tool to automate and scale good faith hacking appeared first on Detectify Labs. [Source]
The post Leveraging AWS QuickSight dashboards to visualize recon data appeared first on Detectify Labs. [Source]
The post How To Hack Web Applications in 2022: Part 1 appeared first on Detectify Labs. [Source]
– The DOM-based Reflected Cross-Site Scripting (XSS) vulnerability is in Elementor’s Elementor Website Builder plugin <= 3.5.5 versions. This issue leads to: CVE 2022-29455 4websecurity.com already reported the vulnerability to tens of thousands websites that are using WordPress and this version of the plugin. Reference: – https://nvd.nist.gov/vuln/detail/CVE-2022-29455 – https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor – https://www.rotem-bar.com/elementor * POC (Proof Of Concept): The payload is Base64 encoded: https://example.com/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0= Decoded from...
You must have heard about time travel in movies, series and comics. Well here we are Nah i’m not joking you can travel back in time and can fetch the endpoints from web applications to do further exploitation, don’t believe me xD You will after Travelling from TheTimeMachine, PS Doesn’t...
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Dork: shodan-query: http.favicon.hash:892542951 fofa-query: app="ZABBIX-监控系统" && body="saml" usage nuclei -l target.txt -tags zabbix python3 zabbix_session_exp.py -t https:target.com...
Improper Access Control to Remote Code Execution (CVE-2020-8591) In this post. I will explain how I hacked a whole system by exploiting improper access control vulnerability in the popular java-based MaaS software “eG Manager” and how I can escalated it to execute code remotely. Impact The Improper Access Control weakness...
Hi guys ,This is Neil Harvey Miñano a Newbie security researcher from Philippine.This is my 1st write-up and also I am not good at XSS so forgive all mistakes.It was 04/20/2021 and my 1st day of bug hunting.I’m still newbie!Today I am gonna to Share a Reflected Xss vulnerability what...
Mostly, penetration testing can use the extensions for the purpose to locate the broken links and inform the client, and these extensions also help to determine whether a target website contains vulnerabilities that can lead to adversarial exploitations and sensitive information theft. Here are the different chrome extensions that are...
Speaking with the team at Open Bug Bounty was the highlight of her day for Aviva Zacks of Safety Detectives. She learned that their community-driven spirit is exactly what advantageously differentiates their project from the others out there. https://www.safetydetectives.com/blog/interview-open-bug-bounty/ [Source]