
"Confessions of a CIA Spy - The Art of Human Hacking" Book Release - Peter Warmka - PSW #684

IT Security Video youtube.com

...


Read the full article (external source: https://www.youtube.com/watch?v=oM7pZJ5IqPk)


More posts from Team Security | IT Sicherheit (tsecurity.de)

Automattic: [intensedebate.com] SQL Injection Time Based On /js/commentAction/

482.37 points
[intensedebate.com] SQLi Time Based On /js/commentAction/ Summary: Hello, I have found a SQLI Injection Time Based on /js/commentAction/. When a user want to submit/reply to a comment, a JSON payload was send by a GET request. GET /js/commentAction/?data

HackerOne: Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted

451.36 points
Hi team, I don't know your policy about pentesters (about their visibility on the platform), But I couldn't find any other pentesters before. 1) For example: GraphQL has the h1_pentester attribute that would explicitly point us to th

h1-ctf: [H1-2006 2020] "Swiss Cheese" design style leads to helping Mårten Mickos pay poor hackers

344.55 points
Summary: Several vulnerabilities in the bountypay application leads to unauthorised access, information disclosure, SSRF and other fun stuff. Steps To Reproduce: This is how I helped Mårten Mickos pay the poor hackers who had been waiting so long fo

Keybase: SOP bypass using browser cache

323.88 points
Summary An attacker has the ability to extract sensitive information from user's accounts, due to a CORS issue. On a minor note, this also is a cross-site leak as we can fingerprint what exact keybase user has accessed the attacker'

Apple presents the best of 2018

304.06 points
Apple presents the best of 2018. The Apps, Games, Music, Movies, TV Shows, Podcasts and More That Shaped Entertainment and Culture Around the World This Year. As the year comes to a close there are so many unanswered questions: Who is

OSINT-SPY - Search using OSINT (Open Source Intelligence)

287.49 points
Performs OSINT scan on email/domain/ip_address/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigator in order to find deep information about their target. OSINT-SPY Documentati

NordVPN: Disclosure of User Information

282.53 points
Hi Team, We can get information about the users registered (such as: id, name, login name, etc.) and employees of NordVPN without authentication on https://www.nordvpn.com Vulnerable URL: https://nordvpn.com/wp-json/wp/v2/users/ Vulnerable URL: https://nordvpn.com/?rest

CS Money: ReDoS at wiki.cs.money graphQL endpoint (AND probably a kind of command injection)

268.75 points
Summary: The endpoint /graphql has a vulnerable query operation named "search", that can I send a Regex malformed parameter, in order to trick the original regular expression to a regex bomb expression. Payload with a "com

Agoric: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS

265.31 points
Summary: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS Steps To Reproduce: I was curling random integers and found

HackerOne: Unauthorized user can obtain `report_sources` attribute through Team GraphQL object

254.97 points
Summary: Hi team. And Happy New Year! Description: If I am not mistaken, then through this parameter we can define private programs with an external link. If this parameter is not empty, then the program is private. - ["HackerOne Platform"

U.S. Dept Of Defense: Self XSS + CSRF Leads to Reflected XSS in https://████/

254.97 points
Hi Security Team, The form inputs in https://███/ Vulnerable to Self XSS Either the form was vulnerable to CSRF When these two bugs available and attacker could combine them to Perform a Reflected XSS Attack Impact Reflected XSS Execute JS Code

Team Security discussion of "Confessions of a CIA Spy - The Art of Human Hacking" Book Release - Peter Warmka - PSW #684