How a double-free bug in WhatsApp turns to RCE
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
In this blog post, I’m going to share a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE. I reported this to Facebook. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244.…
How to get RCE on AEM instance without Java knowledge
https://medium.com/@byq/how-to-get-rce-on-aem-instance-without-java-knowledge-a995ceab0a83
Before explaining how I was able to perform remote code execution on one of the Adobe Experience Manager instances in a bug bounty program, let me…
REST framework Admin Panel bypass and how I recon for this vulnerability
https://medium.com/@hackerb0y/rest-framework-admin-panel-bypass-and-how-i-recon-for-this-vulnerability-a0ee41b01102
Hi, this is Aziz Hakim a.k.a. hackerb0y
objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications without needing a jailbreak.
https://github.com/sensepost/objection
I was rewarded $1900 for reporting CSRF and Stored XSS on a private program on @Bugcrowd.
It was a Stored XSS on the profile Bio section.
WAF Bypass payload:
">'><details/open/ontoggle=confirm('XSS')>
Via: https://twitter.com/avanish46/status/1179254241535377408
Avanish Pathak
Privilege escalation due to insecure use of logrotate
https://hackerone.com/reports/578119
### Summary
Gitlab sets the ownership of the log directory to the system user "git", which might let local users obtain root access because of unsafe interaction with logrotate.
### Steps to...
Stealing Users OAuth Tokens through redirect_uri parameter
https://hackerone.com/reports/665651
I found that https://login.fr.cloud.gov/oauth/authorize has an open redirect vulnerability on the OAuth redirect_uri parameter, which can lead to users' OAuth tokens being leaked to any malicious user.
Step:
1,...
GraphQL Introspection leads to Sensitive Data Disclosure.
https://medium.com/@pranaybafna/graphql-introspection-leads-to-sensitive-data-disclosure-65b385452d7f
URL Bar Spoofing Flaw in Safari for iOS 12.3 and iOS 13 Beta | CVE-2019–8727
https://medium.com/@justm0rph3u5/url-bar-spoofing-in-safari-for-ios-12-3-and-ios-13-beta-cve-2019-8727-d87490f8ee29
While working on browser-based attacks on the URL bar, I learned a way in which it was still possible to spoof the address bar in Safari. None…
HTTP Desync Attacks: what happened next
https://portswigger.net/research/http-desync-attacks-what-happened-next
Last month I published HTTP Desync Attacks: Request Smuggling Reborn. Since then, there's been a range of new developments. While vendors have been deploying fixes and publishing advisories, I've devi
Tools to play around #JavaScript files + extracting URLs
Via: https://twitter.com/soaj1664ashar/status/1179710102871433216
Ashar Javed
Tools to play around #JavaScript files + extracting URLs github.com/cablej/FileCha… github.com/003random/getJS github.com/nahamsec/JSPar… github.com/zseano/JS-Scan github.com/Lopseg/Jsdir github.com/jobertabma/rel… github.com/GerbenJavado/L… please add, if…
Subdomains Enumeration: what is, how to do it, monitoring automation using webhooks and centralizing your findings
https://medium.com/@edu4rdshl/subdomains-enumeration-what-is-how-to-do-it-monitoring-automation-using-webhooks-and-5e0a0c6d9127
If you are reading this, it is possibly because you:
Karim Rahal: Security Features of Firefox
https://blog.detectify.com/2019/10/03/karim-rahal-security-features-of-firefox/
Karim Rahal tells us why he prefers Firefox, and in this blog he looks at a containers extension, research on tracker protection, and a breach alert system.
Abusing PHP strip tags to bypass modern WAF to exploit XSS
https://tasteofsecurity.com/security/php-strip-tags-to-bypass-waf-xss/
Full path disclosure on www.rockstargames.com via apache filename brute forcing
https://hackerone.com/reports/210238
In this report, the researcher found that sending a request with an invalid Accept header to `http://www.rockstargames.com/index` resulted in a full path disclosure to the webroot. This was fixed...
Bug Bounty Methodology (TTP- Tactics, Techniques, and Procedures) V 2.0
https://medium.com/@nishantrustlingup/my-first-csrf-to-account-takeover-worth-750-1332641d4304
My First CSRF to Account Takeover worth $750
Before I start, I want to take a moment to thank all who helped me learn Web Application Security and Bug Bounty Hunting! :)
Calendar Exploit as presented on the LevelUp 0x05 Talk.
https://github.com/bugbounty-site/calexe/
Got a directory traversal? Don't forget to check out /proc/[0-9]*/fd/[0-9]* for more juicy info!
Via: https://twitter.com/0xinfection/status/1180174978638991360
[A]ndroid [A]pplication [P]entest [G]uide
https://nightowl131.github.io/AAPG/