Continuing from his previous post, Bug Bounty Hunter Renwa writes about the second vulnerability he submitted to Opera's Bug Bounty Programme: a Remote Code Execution in Opera's My Flow Feature. What follows is his write-up and experience.

Assalamualaikum, wr,wb ,

In previous post, we discussed about how to setup a Recon Machine on VPS and how to use Screen to maintain your recon process even after…

The Peloton Bike ran an unpatched version of Android 7 which led to it being vulnerable to a number of known issues, most significantly CVE-2021-0326, which could allow an attacker within WiFi range to execute arbitrary code on the device with no user interaction.

Researchers found three critical remote code execution (RCE) vulnerabilities in the PHP Everywhere plugin for WordPress, used by over 30,000 websites worldwide.

Get all the writeups from Day 1 to 21, Click Here Or Click Here.

…

An IDOR (Insecure Direct Object Reference) vulnerability was found on TikTok ads, through the

Hello, Hackers Welcome Back to my Stored Link Hijacking Scenario...

TLDR; I discovered a misconfiguration for a collateral with weak oracle on lending & borrowing platform, combine with a nuance in…

Docker is now widely used in DevOps due to its ease of use and intuitive user experience. In this series, you'll learn everything there is to know about Docker, from its internals to exploiting misconfigurations to securing your Docker environment.

Latest Nuclei Release v2.9.6!

https://github.com/projectdiscovery/nuclei/releases/tag/v2.9.6

👩‍🎓👨‍🎓 Learn about JSON Web Token (JWT) vulnerabilities. This lab uses a JWT-based mechanism for handling sessions. It uses a robust RSA key pair to sign and verify tokens. However, due to implementation flaws, this mechanism is vulnerable to algorithm confusion…

Bug Bounty Tips: Working on a target app that requires an International phone # for sign up? 📲🌏

Don't let International phone number requirements stop your bug bounty journey! Here are my top 3 favorite services for receiving SMS online to tackle these targets:…

🔍 Question of the day: What automated checks can you perform after subdomain reconnaissance?🌐

Many people gather subdomains but struggle with what to do next with this dataset.

Here are some automated checks you can conduct on these subdomains:

🌀 Subdomain…

Over the course of 2023, crypto users lost $1.8 billion in various hacks, exploits, scams and rug pulls, bug bounty platform Immunefi said in a …

What's Changed
🎉 New Features

Added self-contained input support to fuzzing templates by @dogancanbakir in #4531
Added support to include additional custom tags with -as option by @dogancanbak...

This vulnerability was discovered on a private program on Hacker One, therefore I won’t be disclosing all the information.