❈ "Confessions of a CIA Spy - The Art of Human Hacking" Book Release - Peter Warmka - PSW #684
Kompletten Artikel lesen (externe Quelle: https://www.youtube.com/watch?v=oM7pZJ5IqPk)
Zur Team IT Security IT Sicherheit Nachrichtenportal Startseite

Automattic: [intensedebate.com] SQL Injection Time Based On /js/commentAction/
vom 482.37 Punkte
[intensedebate.com] SQLi Time Based On /js/commentAction/ Summary: Hello, I have found a SQLI Injection Time Based on /js/commentAction/. When a user want to submit/reply to a comment, a JSON payload was send by a GET request. GET /js/commentAction/?data
HackerOne: Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted
vom 451.36 Punkte
Hi team, I don't know your policy about pentesters(about their visibility on the platform), But I couldn't find any other pentesters before. 1) For example: GraphQL has the h1_pentester attribute that would explicitly point us to th
h1-ctf: [H1-2006 2020] "Swiss Cheese" design style leads to helping MÃ¥rten Mickos pay poor hackers
vom 344.55 Punkte
Summary: Several vulnerabilities in the bountypay application leads to unauthorised access, information disclosure, SSRF and other fun stuff. Steps To Reproduce: This is how I helped MÃ¥rten Mickos pay the poor hackers who had been waiting so long fo
Keybase: SOP bypass using browser cache
vom 323.88 Punkte
Summary An attacker has the ability to extract sensitive information from user's accounts, due to a CORS issue. On a minor note, this also is a cross-site leak as we can fingerprint what exact keybase user has accessed the attacker'
Apple presents the best of 2018
vom 304.06 Punkte
Apple presents the best of 2018<br/>The Apps, Games, Music, Movies, TV Shows, Podcasts and More That Shaped Entertainment and Culture Around the World This Year<br/>As the year comes to a close there are so many unanswered questions: Who is
Apple presents the best of 2018
vom 304.06 Punkte
Apple presents the best of 2018<br/>The Apps, Games, Music, Movies, TV Shows, Podcasts and More That Shaped Entertainment and Culture Around the World This Year<br/>As the year comes to a close there are so many unanswered questions: Who is
OSINT-SPY - Search using OSINT (Open Source Intelligence)
vom 287.49 Punkte
Performs OSINT scan on email/domain/ip_address/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigator in order to find deep information about their target.
OSINT-SPY Documentati
NordVPN: Disclosure of User Information
vom 282.53 Punkte
Hi Team, We can get information about the users registered (such as: id, name, login name, etc.) and employees of NordVPN without authentication on https://www.nordvpn.com Vulnerable URL: https://nordvpn.com/wp-json/wp/v2/users/ Vulnerable URL: https://nordvpn.com/?rest
CS Money: ReDoS at wiki.cs.money graphQL endpoint (AND probably a kind of command injection)
vom 268.75 Punkte
Summary: The endpoint /graphql has a vulnerable query operation named "search", that can I send a Regex malformed parameter, in order to trick the original regular expression to a regex bomb expression. Payload with a "com
Agoric: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS
vom 265.31 Punkte
Summary: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS Steps To Reproduce: I was curling random integers and found
HackerOne: Unauthorized user can obtain `report_sources` attribute through Team GraphQL object
vom 254.97 Punkte
Summary: Hi team. And Happy New Year! Description: If I am not mistaken, then through this parameter we can define private programs with an external link. If this parameter is not empty, then the program is private. - ["HackerOne Platform&qu
U.S. Dept Of Defense: Self XSS + CSRF Leads to Reflected XSS in https://████/
vom 254.97 Punkte
Hi Security Team, The form inputs in https://███/ Vulnerable to Self XSS Either the form was vulnerable to CSRF When these two bugs available and attacker could combine them to Perform a Reflected XSS Attack Impact Reflected XSS Execute JS Code