🚨 ALERT 🚨
Python's ctx library and a fork of PHP's phpass have been compromised. 3 million users combined.
The malicious code sends all the environment variables to a heroku app, likely to mine AWS credentials.
Me: open redirect, XSS, host any content, etc. (in scope)
Shopify: Thanks! but no impact :(
Me: Disclose?
Shopify: Only when the issue is RESOLVED.
Me: OK! Will improve the PoC.
40 min late...
Shopify: Sorry, the issue is fixed now.
https://t.co/xUurAPn5Bx
All MindMap that I have made so far
1. Forget Password Vulns: https://t.co/8ueUhYNDjn
2. XML Attacks: https://t.co/4fkOKcalgp
3. 2FA Bypass Techniques: https://t.co/HPi5ZP2SKG
4. Android PT Checklist: https://t.co/FB6UGyVFkW
(1/2)
#AppSec#hacking#bugbountytips#websecurity
*** 1st #KNOXSS GIVEAWAY! ***
Like and RT this to have a chance to win one of the following:
* 1 KNOXSS Pro Subscription 3-month
* 1 KNOXSS Pro Subscription 6-month
* 1 KNOXSS Pro Subscription 1-year
Winners of this draw will be announced in 72hs, good luck! 😀