Category archives: Bug Bounty News Feed

Hey Google, Talk to Feedly

Hey Google, Talk to Feedly
Have you ever wished Google Assistant could read you the articles in your Feedly? Now it can. Nick Felker has created a Google Assistant Action that integrates Google Assistant and Feedly. Thanks to the Feedly action, Google Assistant can list the headlines in your feeds, read specific articles, and even...

CVE 2022-29455 is still affecting millions of WordPress sites

– The DOM-based Reflected Cross-Site Scripting (XSS) vulnerability is in Elementor’s Elementor Website Builder plugin <= 3.5.5 versions.  This issue leads to: CVE 2022-29455 already reported the vulnerability to tens of thousands websites that are using WordPress and this version of the plugin.  Reference:    –    –    – * POC (Proof Of Concept): The payload is Base64 encoded: Decoded from...

Zabbix – SAML SSO Authentication Bypass

In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Dork: shodan-query: http.favicon.hash:892542951 fofa-query: app="ZABBIX-监控系统" && body="saml" usage nuclei -l target.txt -tags zabbix python3 -t

Google XSS Game Level #1: Hello, world of XSS <script>alert('xss')</script>hint: inspect the source code of the page Level #2: Persistence is key <img src=x onerror=alert('XSS')>hint: “welcome” post contains HTML Level #3: That sinking feeling…' onerror='alert("xss")'> Level #4: Context matters timer=');alert('xss Level #5: Breaking protocol'xss') Level #6: Follow the X,alert('xss')...

Interview With Open Bug Bounty

Speaking with the team at Open Bug Bounty was the highlight of her day for Aviva Zacks of Safety Detectives. She learned that their community-driven spirit is exactly what advantageously differentiates their project from the others out there. [Source]