Jan 2, 2024 session page. Unveiling the Session Data Flaw: Upon further analysis, I unearthed a critical flaw: the sessions page was inadvertently disclosing sensitive user information, including usernames and...
Sep 15, 2021. Hi fellow hunters, this is my first writeup for the community, in which I will explain how I found a reflected cross-site scripting bug and further escalated it to achieve account takeover of any user on the website.
Aug 25, 2023 Here is a friend link: https://medium.com/@mares.viktor/escalating-xss-with-crlf-to-account-takeover-without-stealing-the-session-token-a705e4363cf1?sk=3da4753f7f23af4e760e4e72d238f5f5
Apr 30, 2019 A Bugz Life. After starting bug hunting a little over 2 months ago, here is our first bug writeup, enjoy!
Nov 22, 2020 Here is the script: let name=[]; let value=[]; fetch('https://sub.example.com/fakepath/accountchange.php?update=1') .then(function(response) { return response.text() }).then(function (html) { //...
Mar 24, 2020 i. Logs out the victim user using Log out CSRF. ii. Login to the attacker's account using the Email/Password functionality. iii. Execute stored XSS from the attacker's account, which in turn will load the...
Mar 26, 2023 Hello everyone! Hope you're doing well. Today I'm gonna talk about my 2 findings on an online learning and teaching platform. Before the story begins, let's see what these findings actually are: 1.
Mar 25, 2021 Basic Example. To fully understand what this all means, let's take a look at a basic example. Below is some HTML and PHP code for a very basic (and vulnerable) application.
This behaviour could be leveraged by an attacker in order to compromise user sessions within the application. This could allow the attacker to impersonate legitimate users through session hijacking. They could also carry out unauthorised actions in the current user context or access data processed by the application.
Jul 17, 2023 David Merian, published in System Weakness. You may be bughunting or pentesting.
**P5 to Payday: Turning a P5 reflected XSS into a $$$ Account Takeover** Not all vulnerabilities shine on first glance. Here's how a little recon and some creative thinking escalated a reflected ...
What is cross-site scripting? Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it.
Mar 20, 2023 Hasanka Amarasinghe. How to add a shared folder in VirtualBox in Windows 11. To add a folder to a VM in VirtualBox (this takes much less work than adding a shared folder...
Jul 11, 2021 A New Hope. I spent hours cruising the website, looking for any possible XSS and was close to giving up.
Jul 29, 2021 Hi everyone! This is Vikram Naidu, Bug bounty hunter from India. Hope you all are safe. This is my first writeup and it is about my recent finding on a private program where I was able to ...
Jan 4, 2024 Tools and Techniques: Burp Suite or OWASP ZAP: Learn how to use web application security testing tools for reconnaissance, scanning, and identifying vulnerabilities. Fuzzing Tools: Explore fuzzing...
The Chola Mbilimas Post (Water and Sanitation Regulator Expert). The message was clear. It costs something, so someone has to pay. The costs of not paying for WSS services are higher...
Sep 6, 2023 Available Solutions: 1) From P5 to Payday $$$: Escalating Reflected XSS to Account Takeover https://lnkd.in/gzk95N7c 2) TryHackMe - Advent of Cyber 2023 (Day