#CVE-2025-55182: RSC RCE — Full Unicode encoding can bypass certain WAFs that lack proper decoding or normalization capabilities. Please verify this on your end.
@winteri3coming I found a hardcoded error in a js file of a program, but I can't exploit it. I don't know how to exploit it. Can I write a report to hackerone?
Last tip of 2023:
Often when you gather URLs of a target you find some google spreadsheet links that return 404, just copy the file KEY and change the link:
spreadsheets*google*com/feeds/list/KEY -> 404
docs*google*com/spreadsheets/u/0/d/KEY/pub -> 200
#bugbountytips#bugbounty
🚨Alert🚨CVE-2024-4984: XSS on Yoast SEO plugin for WordPress
⚠Any user input inside sprintf() function is vulnerable to XSS, and there is a lot, even the WordPress core itself
📰Refer:https://t.co/KaCumuiXsK
📰GitHub Advisory: https://t.co/dH2y27QvRD
👇👇👇Hunter is currently under maintenance. You can search on FOFA or SHODAN using the following search syntax.
Hunter:/web.body="wordpress/plugins/seo"
FOFA:app="yoast-SEO-Plugin"
SHODAN:http.html:"wordpress/plugins/seo"
#WordPress #XSS #infosec #infosecurity #Infosys #Vulnerability
You came across this unusual API endpoint on one of your targets after you spent a lot of time in recon 😎
What are your next steps in trying to find a vulnerability? 🤔
Biidznillah, I was awarded a $2,500 bounty on @Hacker0x01
1. Type "amr" in the search feature
2. GET /user/api/search?keywords=amr&q=keywords
3. Change to
4. GET /user/api/[email protected]&q=email
Sensitive information about the victim was disclosed
#bugbountytips
Top 5 places to look for SSRF vulnerabilities: 😎
• Profile image loaders
• External file or data processors (like webhooks)
• PDF Generators (through HTML Injection)
• Host header injections
• File uploads (via XML for example)
By:@intigriti#bugbountytips#bugbounty