@h4x0r_dz To enable the function that you already bought included in the solution you need fortishit that also require another product to function so you need fortinuts, i wont be amazed if they start selling some medicines for the sec/net engineers like requirement to use their solutions
Malware can turn off webcam LED and record video, demonstrated on ThinkPad X230 : https://t.co/ljjx6Po8b6 credits: @andreyknvl
Slides : https://t.co/JgfZ1qic5N
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! https://t.co/7ygwWXY0pd
Highlights include:
โก Escaping from DocumentRoot to System Root
โก Bypassing built-in ACL/Auth with just a '?'
โก Turning XSS into RCE with legacy code from 1996
@Bugcrowd google it (the impact, severity, causes, fixes, similar bug reports...)
can I escalate it to something with more impact?
does this bug exist only on this asset?
is the company interested in this type of bugs?
how much will they pay for it.
write exploit if possible.
report
@lauriewired last year I found a bug that led to account deletion just by setting a hex value in a user input. I tried to combine it with some kind of CSRF to get most impact, but I couldn't