Bug Bounty Collaboration and Manual Exploitation of an Interesting Boolean SQL Injection
https://t.co/gcpTn1CAFQ
I documented the finding step by step. It took ~3 months to find a valid exploit for the SQLi.
If someone is motivated by wealth and genuinely believes AI will replace pentesting, why focus on security testing instead of trading?
If an AI is capable of finding critical vulnerabilities in hardened targets, it should be sophisticated enough to generate consistent profit.
@zack0x01 Collaboration rarely works as a standing setup. It’s usually ad hoc and vulnerability-specific. E.g. you find an HTMLi on [program] but can’t escalate it to XSS, so you team up with someone who can and then split 50/50.
If anyone else has this issue. Compile the extension ur self with java 17 and use the burp extender api compiled with java 17 too. Works like magic! ✨✨✨
Does anyone know a good alternative for Reflector Burp Suite extension (https://t.co/VJwqaNXQOp)?
It stopped working in latest versions for some reasons. Probably due to the legacy APIs being decommissioned.
This was one of my favourite Burp extension ngl. Huge thanks @elkokc!
If anyone else has this issue. Compile the extension ur self with java 17 and use the burp extender api compiled with java 17 too. Works like magic! ✨✨✨
Does anyone know a good alternative for Reflector Burp Suite extension (https://t.co/VJwqaNXQOp)?
It stopped working in latest versions for some reasons. Probably due to the legacy APIs being decommissioned.
This was one of my favourite Burp extension ngl. Huge thanks @elkokc!
@InsiderPhD@Masonhck3571 I think it's mostly related to 1) and 2) because triage times are also increased on every platform.
I see a correlation between this and the fact that bug bounty platforms are actively focused on pentesting products (closed circle bug bounty).
@CristiVlad25@GeminiApp Really cool if the AI extracted them with high accuracy.
It reminds me of a bug where I extracted PROD dev's access token from the tutorial youtube videos. 👀
Just published my first blog post "Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover"
You can read the full write-up here:
https://t.co/pfLArv8zUu
@intigriti Please create a button that allows creating a new DRAFT submission as a duplicate of another. It would make report writing much easier for most of us! 🫶
I've recently put more work into my ffuf fork, uff, and I think every ffuf user should at least give it a try - and maybe even switch to it.
Here's why, in a #bugbounty 🧵