Hi everyone and welcome back on this new write-up.

"Webmin 0day remote code execution" Tl;Dr: Lack of input validation in the reset password function allows RCE (CVE-2019-15107). Over 13 0000 vulnerable on Shodan. PoC: /password_reset.cgi user=root&pam&expired&old=wrong | id https://t.co/kYKfq8v6Bb

The goal of the challenge was to find an XSS vulnerability on a minimalist website. It was composed of 3 steps of increasing difficulty in the form of extra security layer. All the payload are tested with Chrome 75. difficulty Escape GET value X-XSS-Protection…

Hello, Friends Day has come today now Download the HackersEra APP My new course is releasing today it's Offensive Bug Bounty Hunter 2.0. If you want to know more about Contents visit below link
https://hackersera.com/p/?page=online-training
HackersEra APP…

Getting from a self-XSS vulnerability to a valid DOM XSS with the help of clickjacking on Google.org's Crisis Map.

So you guys must be aware of CSRF attack, if not then here is a short intro:

If you see PUT method. Don't worry! Change PUT to POST and try for CSRF. Sometimes this happens : #bugbountytips #bugbounty #infosec #hacking

Feeling cute, so I gathered some Google Dorks to hunt external bug bounty programs, enjoy ❤️ https://t.co/Qd2psyNV4Z Suggestions are welcome! #bugbounty #bugbountytips

Hello Hunters, XSS (Cross Site Scripting) is really one of the most common bugs that we have found atleast once somewhere The thing that is not common is how we report it? Most of the Bug Bounty…

A big list of Android Hackerone disclosed reports and other resources. - GitHub - B3nac/Android-Reports-and-Resources: A big list of Android Hackerone disclosed reports and other resources.

HTTP Request Smuggling Introduction: https://t.co/c1e0m8u4Kk Detection: https://t.co/FvmIeppVH1 Exploitation: https://t.co/4VuPNNk1YO IRL Example: https://t.co/2qyS4YSCvC

A writeup for the third XSS challenge made by intigriti describing both failed and successful attempts at solving this challenge,

Portal is a fairly new HTML element that is currently supported only in Chrome Canary behind the #enable-portals flag. Their main objective is to enable seamless transitions to the web by pre-rendering content in an iframe-like element that can be then “promoted”…

Introduction

Note before you start.