Easy P1 🙃
1: Collect all the JS files using the developer tools on Mozilla
2: Run the LinkFinder tool on the JS files you got from the dev tools, or use the JS Miner tool
3: Now manually check the JS files for sensitive keywords
#bugbounty
#bugbountytips
#security
Just scored a 4-digit bounty on
@YogoshaOfficial
1: Get all the URLs from Wayback / gau
2: Filter out the JS files using httpx
3: Manually check all the JS files, or you can use a nuclei template or the @trufflesec Chrome extension
#BugBounty
#bugbountytips
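A small scanner that chains the steps of this tip and the P1 tip above (collect URLs, keep the .js ones, search each file for sensitive keywords), written as an added example rather than code from either post; the URL list, JS bodies and key-like values are constructed, and the same check can be run over a team's own bundles before they ship.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: a URL list as Wayback/gau would emit, plus fake JS
# bodies so the pipeline runs offline. The key-like values are made up.
SAMPLE_URLS = [
    "https://example.test/app/main.js",
    "https://example.test/static/vendor.js?v=3",
    "https://example.test/api/users",
    "https://example.test/img/logo.png",
]
SAMPLE_JS = {
    "https://example.test/app/main.js":
        'const cfg={apiKey:"AKIAEXAMPLE000000000"};\n'
        'const t="eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0In0.c2lnbmF0dXJl";',
    "https://example.test/static/vendor.js?v=3": "function add(a,b){return a+b}",
}

# Sensitive-keyword patterns: the "manual check" step expressed as regexes.
PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_secret": re.compile(
        r'(?i)\b(api[_-]?key|secret|token|passw(or)?d)\b\s*[:=]\s*["\']([^"\']{8,})["\']'),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b"),
}

def filter_js_urls(urls):
    """Keep only URLs whose path ends in .js (query string ignored), as the httpx step does."""
    return [u for u in urls if urlparse(u).path.lower().endswith(".js")]

def scan_js(url, body):
    """Return (url, pattern_name, line_number, matched_text) for every hit in one JS body."""
    hits = []
    for lineno, line in enumerate(body.splitlines(), 1):
        for name, rx in PATTERNS.items():
            for m in rx.finditer(line):
                hits.append((url, name, lineno, m.group(0)[:60]))
    return hits

def scan_all(urls, fetch):
    """Filter to JS, fetch each file (fetch is injectable so this stays offline), scan it."""
    findings = []
    for u in filter_js_urls(urls):
        body = fetch(u)
        if body:
            findings.extend(scan_js(u, body))
    return findings

if __name__ == "__main__": print(scan_all(SAMPLE_URLS, SAMPLE_JS.get))
```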
Oracle WebLogic Server LFI
#BugBounty
#bugbountytips
#bugbountytip
Payload used:
GET .//META-INF/MANIFEST.MF
GET .//WEB-INF/web.xml
GET .//WEB-INF/portlet.xml
GET .//WEB-INF/weblogic.xml
3 RCE on the VDP program
- Found that the website is using the Oracle WebLogic Server
- Nuclei template used: CVE-2019-2729.yaml
- For exploitation:
#BugBounty
#bugbountytips
#bugbountytip
I and
@0xAyub
earned $1,000 for my submission on
@bugcrowd
#ItTakesACrowd
#BugBounty
No tip is needed for subdomain takeover; it is a pretty straightforward vulnerability.
Template used for detection: http/takeovers/pantheon-takeover.yaml
@Jayesh25_
Wanted to add something here: if the Swagger instance is not vulnerable to XSS, go for HTML injection; it will be accepted as P3/P5
Payload
Rewarded a 3-digit bounty for an IDOR leading to mass username / email enumeration
1: I was testing the forgot-password page (it was a developer account)
2: I got the password reset link in an email like this
( )
#bugbountytips
#bugbounty
#security
I'm thrilled to announce that I've successfully passed the Certified Red Team Professional (CRTP) exam 🚀 I’m eager to leverage this expertise to enhance cybersecurity strategies and protect against emerging threats. Thank you to
@nikhil_mitt
@alteredsecurity
for the course
Hacker Cup Week 2: Check out the latest standings for a glimpse into the exceptional skills driving the competition forward!
🏆 Top 8 teams:
𝟏: {"teamName":12345}
𝟐: Jujutsu Hackers
𝟑: Flysec
𝟒: TESS's Squad
𝟓: Tamil Pasanga
𝟔: Str4Hat Pirates
𝟕: The Boys
𝟖: ByteHunters
Kudos to Bsides Odisha for their quick decision upon the recent conflict raised due to the speaker’s past controversial tweet. Don’t spread hate 🩷🤟
@3ncryptSaan
@bsidesodisha
Happy to share that I have provisionally passed the
#eMAPT
certification.
Thanks,
@eLearnSecurity
&
@ine
I really enjoyed the exam scenario of building vulnerable Android applications from scratch to hack other vulnerable applications.
Happy Guru Purnima! I'm forever grateful for the wisdom and inspiration my Gurus have given me. With immense gratitude, I celebrate the invaluable lessons learned from them. My deepest thanks to all my Gurus for guiding me. 🌠🌌