Samir Hadji

@dz_samir

Vulnerability Research and Discovery, Fuzzing and Penetration Testing.

Joined December 2011

660 Following

995 Followers

68 Posts

dz_samir retweeted

Juan Francisco Bolívar @JFran_cbit

almost 2 years ago

I had the pleasure of collaborating with @Hacker0x01 on an article discussing GraphQL attacks. You can find it here: https://t.co/m1QgnbkeCY

dz_samir retweeted

Orange Tsai 🍊

@orange_8361

almost 5 years ago

A New Attack Surface on Microsoft Exchange! The series covers most of my Black Hat USA and DEFCON talks (with slides and video inside). More articles and vulnerabilities are coming soon! https://t.co/lkup5hdyz9

512

173

dz_samir retweeted

Sander Wind @SanderWind

over 5 years ago

Recently, I stumbled upon a SSRF vulnerability allowing retrieval of the Amazon metadata for the EC2 instance running the vulnerable software. But how to proceed and turn the SSRF into RCE? https://t.co/scodRh4Zcz

dz_samir retweeted

Niemand @niemand_sec

over 5 years ago

Doing #BugBounty again :) Quick write-up about a Critical vuln I found: Exploiting Application-Level Profile Semantics (APLS) from Spring 🧙‍♂️ curl -H 'Accept:application/schema+json' -v http://localhost:8080/alps/profile/users https://t.co/I2rkl6FOCV #BugBountyTips #infosec

191

Who to follow

dz_samir retweeted

over 5 years ago

What do you do once you have found a blind SSRF? Check out our blind SSRF glossary which contains a number of handy attack chains: https://t.co/JVI1lSX3E7. The post also briefly touches on SSRF canaries, using existing DNS data and side channel attacks.

267

127

Samir Hadji @dz_samir

over 5 years ago

@inhibitor181 Congratulations! 🥳

Samir Hadji @dz_samir

over 5 years ago

@stokfredrik Thanks!

dz_samir retweeted

Securitum @securitum_com

almost 6 years ago

New blogpost! @SecurityMB shares his latest research on bypassing HTML sanitizers via prototype pollution. Sanitizers covered are: DOMPurify, sanitize-html, Closure and xss: https://t.co/myY2J4OTGP

195

dz_samir retweeted

m4ll0k @m4ll0k

over 5 years ago

Many companies send data via POST data (json), I found a lot bugs like Request Arbitrary Path (IDORs), LFI, CRLF,… Example:

348

311

dz_samir retweeted

@[email protected] @SecurityMB

over 5 years ago

@har1sec @alxbrsn @lbherrera_ @garethheyes If the app executes $.get (or other ajax methods), then you can hijack it to execute your own JS. Here's an example: https://t.co/QQRi94tmqp

SecurityMB's tweet photo. @har1sec @alxbrsn @lbherrera_ @garethheyes If the app executes $.get (or other ajax methods), then you can hijack it to execute your own JS. Here's an example: https://t.co/QQRi94tmqp https://t.co/7pIS6Evcao

147

dz_samir retweeted

PortSwigger Research @PortSwiggerRes

almost 6 years ago

Path traversal via HTML injection in an email?! Got to love server-side rendering. Great find by @Fisjkars https://t.co/6kbl3iv3Ae

403

164

dz_samir retweeted

Securitum @securitum_com

about 6 years ago

We are publishing the research of Copy&Paste issues in browsers by @SecurityMB. Over $30k in bounties for bugs in Chromium, Firefox, Safari, Google Docs, Gmail, TinyMCE, CKEditor, and others. Includes also 0-day in Froala. https://t.co/O8i8DuO2qv

750

340

189

Samir Hadji @dz_samir

about 6 years ago

@honoki Thanks for sharing !

Samir Hadji @dz_samir

over 6 years ago

@Hacker0x01 @inhibitor181 Congrats! :)

dz_samir retweeted

Luke Stephens (hakluke)

@hakluke

over 6 years ago

Hi all, dropping another tool today. This one is very simple, it does reverse DNS lookups as fast as possible. It's a great way of discovering domains and subdomains owned by a company when you know their IP address range(s). Check it out: https://t.co/ajYZ0ezZNf

hakluke's tweet photo. Hi all, dropping another tool today. This one is very simple, it does reverse DNS lookups as fast as possible.

It's a great way of discovering domains and subdomains owned by a company when you know their IP address range(s).

Check it out:

https://t.co/ajYZ0ezZNf https://t.co/WZV9FQw1jH

453

276

Samir Hadji @dz_samir

over 6 years ago

@plenumlab @Hacker0x01 SSRF

dz_samir retweeted

TvM @tvmpt

over 6 years ago

Quick and dirty way to find parameters vulnerable to LFI & Path Traversal & SSRF & Open Redirect: Burp Search > Regex \?.*=(\/\/?\w+|\w+\/|\w+(%3A|:)(\/|%2F)|%2F|[\.\w]+\.\w{2,4}[^\w]) Suggestions are welcome.

$tvmpt's tweet photo. Quick and dirty way to find parameters vulnerable to LFI & Path Traversal & SSRF & Open Redirect: Burp Search > Regex \?.*=(\/\/?\w+|\w+\/|\w+(%3A|:)(\/|%2F)|%2F|[\.\w]+\.\w{2,4}[^\w]) Suggestions are welcome. https://t.co/E0nEDFeUaM$

502

324

dz_samir retweeted

Securitum @securitum_com

over 6 years ago

Our guy, @SecurityMB, had a presentation at OWASP Poland Day about exploiting prototype pollution to RCE on the example of Kibana, by abusing environmental variables in node. The slides are here: https://t.co/T3tRcRQ9n0 We will also release a writeup soon so stay in touch!

254

118

Samir Hadji @dz_samir

almost 7 years ago

@intigriti @itscachemoney I have found the same issue years ago, create facebook account with a phone number, and after OAuth insert the victim email ... account takeover https://t.co/WS8G7X8lKJ

Last Seen Users on Sotwe

Trends for you

Most Popular Users

Olivia

Online

✨

⭐

💫