Sick of wasting time on buggy bug bounty programs?
At https://t.co/6IxVsyCsAE, hunters leave anonymous reviews — honest, unfiltered & straight from the trenches.
CVE-2024-25600: Unauth. RCE vulnerability caused by PHP code injection in Bricks Builder, a WordPress site builder with over 25,000+ active installations.
Severity: Critical (CVSS 9.8)
Root cause analysis: https://t.co/E5K0sIZQn9
PoC: https://t.co/8DflZk7QIW
Mitigation: Upgrade
API endpoint collection methods:
- Dynamic assembly
- In JavaScript files
- With dorks
- Enumeration of endpoints
- APK file
- Internet Archive
- ... and even less popular ways
#pentest #BugBounty
Hi guys.
Here https://t.co/IbUfEBMF0L there will be a lot of my interesting notes on pentests and bug bounty. A fair amount of interesting and useful information has accumulated over the past couple of years.
#pentest #BugBounty #bugbountytips
Yay, I was awarded a $2,500 bounty on @Hacker0x01! https://t.co/vHznK9eE6W #TogetherWeHitHarder
But what the hell do I need them for? Just to look at the figure in my personal account? 🤣🤣
The new @Grafana CVE-2022-21703, is actually a 1 Click Authentication Bypass and full read SSRF via CSRF, all you need is XSS/TKO on Same site host and the CVSS bumps to 9.3 - Critical.
All @Grafana versions are VULNERABLE 🙃
Read more at https://t.co/abqEX9oidS
#BugBounty