SQL Injections aren't dead! ❌
You just need to know where and how to test for them! 🤠
In our latest article, we explored how SQL injections arise, how to test and exploit them to leak secrets, bypass authentication, and even achieve RCEs! 😎
Read the article today! 👇
https://t.co/8Gg0Lp6uAA
🥇 FREE Certified AppSec Practitioner (CAP) exam! 🥇
**No Discount Code Needed**
To get the offer:
1. Retweet this post.
2. Fill this Google form -
📄 https://t.co/WVFmLaO3CZ
3. We will email you the exam details. 💯
🔗 Read more about our CAP exam -
https://t.co/iW47bEhG0s
#pentesting #CAPExam #Applicationsecurity #informationsecurity
Open Source Intelligence fuels cybersecurity teams, letting blue, purple and red teams access a wide range of information such as network technologies, web-hosting servers, DNS records, software technologies, cloud assets, IoT devices, apps, databases, social media accounts #CyberSec
Bug Bounty Tips: 🐛🔐 Unlocking Important Resources with Email Verification Bypass
Working on a target where email verification is crucial? Imagine a scenario where gaining access to a specific domain, like example[.]com, could grant you entry into a victim's workspace, allowing you to view documents and other content associated with that whitelisted domain.
Often, email verification bypass issues are reported without demonstrating real-time impact or as pre-account takeovers. Consequently, many of these submissions get marked as "Informative."
Here's my approach on how to showcase the impact of these issues:
Identify Features Dependent on Email Domain:
Identify critical features linked to a user's email domain. For instance, consider a target app that grants access to resources based on your email domain. Some apps let you join a team or workspace directly if your email matches the team's domain (e.g., join Victim SITE XYZ only with sample@victimsitexyz[.]com). Others restrict access to documents or videos based on email domain whitelisting. Numerous such opportunities exist where email plays a crucial role.
Here's a simple trick that often works to bypass email verification and claim an unregistered email on any domain:
1️⃣ Log in to your attacker account and change your email address to an attacker-controlled email (e.g., [email protected]).
2️⃣ You'll likely receive an email confirmation link on your attacker-controlled email (Do not verify it yet).
3️⃣ Now, change your email to the unregistered email or domain you wish to HIJACK (e.g., [email protected]).
4️⃣ This action will send an email verification link to [email protected], which you don't have access to.
5️⃣ Try clicking on the "Email" verification link sent earlier to [email protected]. If the system fails to revoke the previous email verification link, the link for [email protected] could end up verifying the email for [email protected], allowing you to claim it as verified.
Once you've claimed an email associated with another organization's domain, identify the associated functions to prove impact and report it to earn some generous bounties!
Numerous similar misconfigurations exist that you can leverage to bypass email verification checks.
Takeaways: Don't report email verification issues without demonstrating actual impact. Apps that support organizations/workspaces with multiple roles often rely on a person's email domain, making them valid candidates for showcasing security impact. 💡🛡️
#BugBounty #Cybersecurity #HackingTips #HackerOne #BugCrowd #BugBountyTips #SecurityTips
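The stale-link condition in steps 1 to 5 above, modelled as an added example (not the author's code): a verification service that applies whichever pending address is current when any live link is clicked, beside a hardened one that revokes earlier links on each new request and binds every token to the address it was issued for. The domains and the in-memory token store are constructed.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

@dataclass
class User:
    email: str
    pending_email: Optional[str] = None
    # live verification tokens -> address each was issued for (constructed in-memory store)
    tokens: Dict[str, str] = field(default_factory=dict)

class VulnerableService:
    """Old links stay live, and confirm() applies whichever pending address is current."""
    def request_change(self, user: User, new_email: str) -> str:
        token = secrets.token_urlsafe(16)
        user.pending_email = new_email      # overwritten by the next request...
        user.tokens[token] = new_email      # ...while the earlier token remains valid
        return token
    def confirm(self, user: User, token: str) -> bool:
        if token not in user.tokens:
            return False
        user.email = user.pending_email     # bug: trusts current state, not what the token proves
        user.tokens.clear()
        return True

class HardenedService:
    """One live token at a time, bound to the exact address it was issued for."""
    def request_change(self, user: User, new_email: str) -> str:
        user.tokens.clear()                 # a new request revokes every earlier link
        token = secrets.token_urlsafe(16)
        user.pending_email = new_email
        user.tokens[token] = new_email
        return token
    def confirm(self, user: User, token: str) -> bool:
        issued_for = user.tokens.get(token)
        if issued_for is None or issued_for != user.pending_email:
            return False
        user.email = issued_for             # verify only the address this token was sent to
        user.tokens.clear()
        user.pending_email = None
        return True

def replay_post_sequence(service) -> str:
    """Steps 1-5 of the post: request address A, then address B, then click A's link."""
    user = User(email="attacker@attacker.example")
    link_a = service.request_change(user, "new@attacker.example")
    service.request_change(user, "claimed@victimsitexyz.example")  # link B is never received
    service.confirm(user, link_a)
    return user.email
```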
Security controls are measures or safeguards implemented to manage and mitigate the risk of security threats and vulnerabilities.
#CyberSecurityAwareness #securitycontrols
🤔Question of the day: What are the common vulnerabilities within the "Forgot Password" functionality?
Many users tend to overlook testing the "Forgot Password" feature of a target app. However, these functions are often susceptible to various issues. If exploited, these issues can lead to an account takeover, yielding bounties ranging from $750 to $7500, depending on the program.
Here are the common issues you should be on the lookout for:
1️⃣ Token and username parameter: Some target apps often generate a password reset link containing a token and a username parameter. In such cases, request a password reset link on your attacker account, navigate to it, and attempt to replace the "username" parameter with the victim's username. Try resetting the password using your token. This is frequently one of the most common issues I've encountered that leads to an Account Takeover (ATO).
2️⃣ Password reset poisoning: Request a password reset using the victim's account and alter the "Host" header of the request to https://attackercontrolledsite(.)com. If the target app is vulnerable, this will trigger an email to the victim with a password reset link pointing to your server (e.g., https://attackercontrolledsite(.)com?token=dsksdjsdjsdjdsjdsjsd). When the victim clicks on this link, you will receive the password reset token, paving the way for an ATO.
3️⃣ HTTP Parameter Pollution: When requesting a password reset, always attempt to pass multiple email parameters (e.g., email=victim@target(.)com&email=attacker@target(.)com). Depending on how the application's backend is set up, it may have different routines running on various servers to check validity and send emails. Consequently, it could inadvertently send the password reset link of victim@target(.)com to attacker@target(.)com.
4️⃣ None of the above worked? Fret not! We have many more scenarios that can be exploited, and we'll discuss them in our future tweets.
Takeaways: Never underestimate the importance of the password reset functionality, as issues in these areas can lead to lucrative payouts. Be creative and make sure to add these items to your checklist.
#CyberSecurityTips #SecurityTips #BugBountyTips #InfoSec #HackerOne #BugCrowd #portswigger #burpsuite
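The three issues above from the defender's side, as an added example that is not from the post: a reset service that builds its link from a configured base URL instead of the Host header (issue 2), lets the token alone select the account so a username parameter cannot re-point it (issue 1), and rejects a request body carrying more than one email parameter (issue 3). BASE_URL and the in-memory token store are assumptions.

```python
import hashlib
import secrets
from typing import Dict, Optional
from urllib.parse import parse_qs, urlencode

BASE_URL = "https://app.example"   # assumed deployment config; never derived from the Host header

class ResetService:
    def __init__(self) -> None:
        # sha256(token) -> username; constructed in-memory store (a real one also stores expiry)
        self.tokens: Dict[str, str] = {}
        self.last_request_host: Optional[str] = None

    def parse_reset_request(self, body: str) -> Optional[str]:
        """Issue 3: accept exactly one email parameter; None means reject the request."""
        emails = parse_qs(body, keep_blank_values=True).get("email", [])
        if len(emails) != 1:
            return None
        return emails[0]

    def build_link(self, username: str, host_header: str) -> str:
        """Issue 2: the link comes from BASE_URL; the Host header is kept for logging only."""
        self.last_request_host = host_header
        token = secrets.token_urlsafe(32)
        self.tokens[hashlib.sha256(token.encode()).hexdigest()] = username
        # Issue 1: no username in the URL; the token alone identifies the account
        return f"{BASE_URL}/reset?{urlencode({'token': token})}"

    def redeem(self, url_query: str) -> Optional[str]:
        """Return the account the token was issued for, or None if it is unknown or tampered."""
        params = parse_qs(url_query)
        token = params.get("token", [""])[0]
        key = hashlib.sha256(token.encode()).hexdigest()
        owner = self.tokens.get(key)
        if owner is None:
            return None
        if params.get("username", [owner])[0] != owner:
            return None                 # a supplied username never overrides the token's owner
        del self.tokens[key]            # single use
        return owner
```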