WordPress Core is vulnerable to Unauthenticated Stored Cross-Site Scripting
guess what no one is talking about 😮
POC: go to comments
put onmouseover xss payload in the name field
BOOM
#BugBounty#CyberAttack#bugbountytip
Deeply saddened by the loss of Kevin Mitnick, a legendary hacker and cybersecurity expert. His journey inspired many, and his contributions to the industry were invaluable. Rest in peace, Kevin.
For open redirects, try using this character: 。The website thinks it's redirecting to a page on the site, but browsers convert it to a '.' thus completing the redirect. Usage: ?url=//google。com Goes to: https://t.co/3dcucO5HhZ URL encoded: %E3%80%82 #bugbountytips
Bug Bounty Tip
When dealing with custom or outdated XSS sanitizers - don't forget to try the <select> mXSS trick
<select><style></select>
<svg onload=alert(1)>
</style>
The browser will remove the <style> tag, while sanitizer will think that our payload in <style> tag is safe.
10 types of web vulnerabilities that are often missed
🐞 HTTP/2 Smuggling
🐛 XXE via Office Open XML Parsers
🐜 SSRF via XSS in PDF Generators
🕷 XSS via SVG Files
🦟 Blind XSS
#bugbounty#pentest#hacking
Thread 🧵👇
https://t.co/c2AIi8ev8Q
I hacked a large company (70k+ employees) through social engineering. Legally of course.
• I set up the infrastructure
• Scraped names & emails with LinkedIn
• Sent 200 phishing emails.
I had access to their AWS console within 2 minutes.
And much more:
A guide to creating the perfect bug bounty automation with @hakluke!
This @Detectify blog discusses ways in which you can start to automate your #bugbounty hunting!
🪲🔫🤖
👇
https://t.co/jU96ynDJcB
Unauthenticated Remote Code Execution in Cacti 🌵🐛
This vulnerability was literally introduced by a single character:
https://t.co/45yDRMIKFD
#appsec#security#vulnerability
In a blog by @kuldeepdotexe, he details a recent second order XXE exploit he found on a Synack target. Read more in the latest Exploits Explained: https://t.co/KJWDS0KvUb
Exchange TabShell RCE PoC (CVE-2022-41076)
(Just copy paste the poc from @vcslab's blog post)
Still wondering why this vulnerability is so underrated xD
PoC script (for copy paste purpose): https://t.co/4jLfIxXkC3
https://t.co/nHrJvpxqVn
I created a github repo where I have uploaded my checklists which I use during my bug bounty hunting. I'll be adding more vulnerabilities & new test cases in future. If you like it, make sure to motivate me by giving it a ⭐.
Here is the link: https://t.co/mSHm3LXWLw
#bugbounty