All posts
-
I found an SQL injection using Github dorking and here's my short story.
BugBounty 2022. 4. 28. 08:23
Never forget about GitHub dorking. Last year, I was invited by TVA VDP via HackerOne. After reviewing their scope, I started my recon flow. I always start with GitHub dorking because most of the time it contains low-hanging fruit and sometimes hidden subdomains. After a few minutes, I discovered an interesting endpoint within a hidden subdomain. When I say hidden, I mean a subdomain that can't..
-
From Unexploited XSS To Self Stored XSS on victim Cookies
BugBounty 2021. 3. 22. 06:01
Day #1 This is part 2 of this story. I will talk about a self XSS on cookies and how I did the exploit through an out-of-scope subdomain. So our target is redact.com. First, how I got the vulnerable attribute on cookies based? After browsing the redact.com, I stopped at this path www.redacted.com/redactedfolder/redactedpage/ID and I used param miner {bruteForce} for hidden parameters, I got TWO b..
-
CORS Misconfiguration: Steal victim token and PII leads to ATO
BugBounty 2021. 3. 22. 06:00
Today I will talk about a bug I found in July 2019 on a Pvt program on HackerOne. The bug is named “Cross Origin Resource Sharing Misconfiguration {CORS}”. 1- Firstly, what is CORS? Cross-Origin Resource Sharing (CORS) is a mechanism that enables web browsers to perform cross-domain requests using the XMLHttpRequest API in a controlled manner. These cross-origin requests have an Origin header, that id..