Wanna see three brand new OAuth attacks and how our very own @securinti hacked Shopify with a single dot?
It's all in this week's #BugBytes! Along with fantastic resources on Elasticsearch, SAML and API hacking 🗞️👇
https://t.co/3Tstjwvgfk
Found a hidden HTTP param? Look deeper, maybe there is a mass assignment/autobinding vulnerability.
Sometimes changes in objects are hidden too and you need to closely explore the app.
Source:
https://t.co/9lURrqkxVh
#CyberSecurity#BugBountyTip#BugBounty
We've seen @c0rv4x put this #BugBountyTip into practice a few times and we're amazed! If you're testing rails or symfony apps, keep this in mind! #BugBountyTips
Have you ever found yourself in the situation where the server says for e.g: ”customer_id parameter not found", if you put the customer_id parameter in url, the server returns the same error! This tool will help you, creating a combination of the parameter passed as an argument:
OIDC, Oauth2, SAML, what you are asking? 🤯
Read this article -> https://t.co/fT4nKvU5Kl
Literally the best security related, most compact read I have found on this!
Great #BugBountyTip by @JR0ch17: before copy pasting blind XSS payloads, think about the context they might render in! Use blind template injection payloads to increase your chances of success! #HackWithIntigriti#BugBountyTips
Got root access to a server? Run 3snake and grab the attention to the server. Wait for admins and grab their ssh passwords!
https://t.co/L6yPqunVpy
Trick by @cherboff#redteam#cybersecurity#Pentest
I just uploaded some of the most common file types for my Patrik's Bug Bounty Tools mind map here:
SVG: https://t.co/IJhzII3XNf
PDF: https://t.co/gyA2RxQbpZ
XMIND: https://t.co/PUC8ur6ldT
PNG: https://t.co/zKucgzsACm
enjoy! 🥰🥳👑
#bugbountytips#BugBounty
We continue to talk about attacks on CORS.
This time, we have prepared a set of ideas for bypassing lists of allowed hosts.
#CyberSecurity#BugBountyTip#BugBounty
TIP:
Blind XSS in User-Agent
You can also use Auto-Repeater or Chrome Dev tools the more options the better.
Thanks for the tip!!
@NahamSec@d0nutptr@IAmMandatory
Your podcast was awesome as always ❤️ I'm going to donate to XSSHunter Shortly
We've just released a new topic on next-level web cache poisoning, integrating novel research from our research team @PortSwiggerRes#BHUSA
https://t.co/0sZGCOOjuk