-XSSTRON - Electron JS Browser To Find XSS Vulnerabilities Automatically
-Automatically find the IP address of a website behind Cloudflare
-Taser : Python3 resource library for creating security related tooling
-Tool Release – Web3 Decoder Burp Suite Extension
-MetaMask Clickjacking Vulnerability Analysis
-GoWhois - Whois command implemented by golang with awesome whois servers list
-Related-domains : Find related domains of a given domain
-CSPRecon - Discover new target domains using Content Security Policy
-CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
-Subdomain Enumeration with DNSSEC
-Posta. Cross-document Messaging security research tool
-Katana : A next-generation crawling and spidering framework.
-Text4Shell scanner for Burp Suite
-RUSTSCAN — THE MODERN PORT SCANNER
-Holy FFUF! — A Beginner Guide to Fuzz with FFUF
-GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes
-VAmPI - Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
-Burp Macros: What, Why & How?
-Introducing DOM Invader: DOM XSS just got a whole lot easier to find
-Jira-Lens - Fast and customizable vulnerability scanner for Jira written in Python
-Setup Your Private Burp Collaborator for SSRF/XXE
-Experience Burp Suite Enterprise Edition in a new live demo
-URL de-duplication tool for better recon.
-ZKar is a Java serialization protocol analysis tool implemented in Go
-Smap : a drop-in replacement for Nmap powered by shodan.io
-DumpXSS. Scanner Tool For XSS Vulnerability
-x8 - Hidden parameters discovery suite written in Rust.
-InjectGPT: the most polite exploit ever
-DLL Hijacking using Spartacus, outside of DllMain
-Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
-Cloudflare, Sucuri, Incapsula real IP tracker
-A Brief Introduction to Prototype Pollution
-Caido - Lightweight Web Security Auditing Toolkit
-AssetFinder: A Handy Subdomain and Domain Discovery Tool
-Secret Magpie - Secret Detection Tool
-Designing sockfuzzer, a network syscall fuzzer for XNU
-Proto Find. Let's check if your target is vulnerable to client-side prototype pollution
-Prototype Pollution Scanner made in Golang
-New differential fuzzing tool reveals novel HTTP request smuggling techniques
-CRLFuzz – Hacker Tools: Injecting CRLF for bounties
-OWASP Top 10: Static Analysis of Android Application & Tools Used
-S3Scanner - Scan for open S3 buckets and dump the contents
-Kurl : HTTP Requests for security researchers
-UDON - A simple tool that helps to find assets/domains based on the Google Analytics ID.
-Online - Reverse Shell Generator
-S3cret Scanner: Hunting For Secrets Uploaded To Public S3 Buckets
-Working with a scope using Gowitness
-PurplePanda : Identify privilege escalation paths within and across different clouds
-A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF
-STEWS is a tool suite for security testing of WebSockets
-Webrecon : Automated Web Recon Shell Scripts
-Wafme0w - Fast and lightweight Web Application Firewall fingerprinting tool.
-User-Agent, X-Forwarded-For and Referer SQLi Fuzzer
-Gotator is a tool to generate DNS wordlists through permutations.
-Latest web hacking tools – Q3 2021
-Introducing Baserunner: a tool for exploring and exploiting Firebase datastores
-Turbo Intruder – Hacker Tools: Going faster than ever!
-Implementing Nuclei into your GitLab CI/CD Pipeline for Scanning Live Web Applications
-What the fuzz?! — The truth behind content discovery
-Meg – Hacker Tools: Endpoint scan the masses!
-Must Have Browser Extensions for Bug Bounty
-S3Sec - Check AWS S3 instances for read/write/delete access
-Uniscan: An RFI, LFI, and RCE Vulnerability Scanner
-Jira Scan is a simple remote scanner for Atlassian Jira
-Raider - Web authentication testing framework
-Reconator - Automated Recon for Pentesting & Bug Bounty
-Log4j2 RCE Passive Scanner plugin for BurpSuite
-A tool to find redirection chains in multiple URLs
-EMBA - The firmware security analyzer
-A humble, and fast, security-oriented HTTP headers analyzer
-Introducing a new way to buzz for eBPF vulnerabilities
-GradeJS analyzes production Webpack bundles without having access to the source code of a website.
-Waymore - Find way more from the Wayback Machine!
-Pastos - Search pastes in tens of webs in seconds with GCSE.
-Saltzer and Schroeder's 10 secure design principles as applied to solidity smart contracts.
-Teen hacker scoops $4,500 bug bounty for Facebook flaw that allowed attackers to unmask page admins
-Mosca - Manual search tool to find bugs like a grep unix command - Beta
-gitlab-subdomains - Find subdomains on GitLab
-Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack
-Security researcher earns plaudits after discovering Yandex SSRF flaw
-CSRF Generator - This html file creates a csrf poc form to any http request.
-How I was able to reveal page admin of almost any page on Facebook
-A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
-Cero : Scrape domain names from SSL certificates of arbitrary hosts
-Smap : passive Nmap like scanner built with shodan.io
-Shopify Plugin Bypass using P3 Client-side injection thru API Implementation Vulnerability
-A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
-Run all your bug bounty VPN profiles in parallel and expose them via multiple local SOCKS proxies.
-A tale of zero click account takeover
-Subdomain Takeover leading to Full Account Takeover
-How to find new/more domains of a company? - Recon Stuff
-xnLinkFinder : A python tool used to discover endpoints for a given target
-Decrypting Mobile App Traffic using AES Killer and Frida
-How good is Burp's API Scanning?
-CSRF Testing Guide For Bug Bounty Hunters
-BrokenLinkHijacker(BLH) is a Fast Broken Link Hijacker Tool written in Python
-A collection of hacker tools using HackerOne's API
-Vulnerabilities in exported activity WebView
-Shell in the Ghost: Ghostscript CVE-2023-28879 writeup
-Bug Bounty Recon: Horizontal Correlation
-How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes
-A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
-How I earned 240$ from a Zero Interface
-Acropalypse vulnerability reveals your screenshots
-Reverse engineering Flutter for Android + Doldrums (Doldrums is a reverse engineering tool for Flutter apps)
-Introducing PacketStreamer: distributed packet capture for cloud-native platforms
-GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure
-How to use Uncover: Quickly discover exposed hosts using multiple search engines
-Introducing ASNMap: A Golang CLI tool for speedy reconnaissance using ASN data
-Go Dork. The fastest dork scanner written in Go
-uro - declutters url lists for crawling/pentesting
-ClusterFuzzLite - Simple continuous fuzzing that runs in CI
-Gorks : Google Dorks finally made easy to run without hiding.
-Escalating XSS to Sainthood with Nagios
-Passive DNS Capture/Monitoring Framework
-Command Injection — All in one Blog
-fail2ban – Remote Code Execution
-How Gopher works in escalating SSRFs
-Astra finds urls, endpoints, aws buckets, api keys, tokens, etc from a given url/s
-Cloudlist is a tool for listing Assets from multiple Cloud Providers
-r2flutch - tool to decrypt iOS apps using r2frida
-mx-takeover focuses on DNS MX records and detects misconfigured ones.
-Miracle - One Vulnerability To Rule Them All
-400$ Bounty again using Google Dorks
-Top 10 web hacking techniques of 2020 | PortSwigger Research
-Server-Side Prototype Pollution Scanner
-Now I See You: Uncovering Security Vulnerabilities in Camera Sunglasses
-Improper Privilege Management in Grails Spring Security Core <= 5.1.0 CVE-2022-41923
-CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited
-Gcash Vulnerability Walkthrough
-IDOR and Hardcoded API Keys/Tokens Exposed
-Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI
-Here's my story about 8 CVEs resulting in a plugin removal and more than $30,000 in bounties!
-Prototype pollution-like bug variant discovered in Python
-Bypass firewalls with of-CORs and typo-squatting
-AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass
-A Different Payload for CVE-2022-47966
-Difficulty of Reproducing Old Exploits (Part 1)
-Difficulty of Reproducing Old Exploits (Part 2)
-We discovered major vulnerabilities in Control Web Panel. Here’s how we found them
-From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager
-Account Take Over Due To AWS Cognito Misconfiguration
-Discoverability by phone number/email restriction bypass
-How I Design My Prefect Bug Bounty Automation (Part 1)
-How I Design My Prefect Bug Bounty Automation (Part 2)
-Internal Gitlab Ticket Disclosure via External Slack Channels
-10 Types of Web Vulnerabilities that are Often Missed
-Ultimate Reconnaissance RoadMap for Bug Bounty Hunters & Pentesters
-How to Continuously Detect Vulnerable Jenkins Plugins to Avoid a Software Supply Chain Attack
-Bypassing a Creation Limit on Free Accounts: A Race Condition Vulnerability in Bug Bounty Program
-Implementing Nuclei into your Bitbucket CI/CD Pipeline for Scanning Live Web Applications
-How to automate your initial recon and extend ASM using Sub-Scout
-Pentah0wnage: Pre-Auth RCE in Pentaho Business Analytics Server
-Full Company Building Takeover
-Bad things come in large packages: .pkg signature verification bypass on macOS
-Parallels Desktop Toolgate Vulnerability
-How we Abused Repository Webhooks to Access Internal CI Systems at Scale
-Bypass Captcha using Turbo Intruder leads to Bruteforce attack - Bug Bounty
-Aurora Withdrawal Logic Error Bugfix Review
-Basic WebAssembly buffer overflow exploitation
-An attacker can archive and unarchive any structured scope object on HackerOne
-Modify in-flight data to payment provider Smart2Pay
-Bugs in our Pockets: The Risks of Client-Side Scanning
-Hunting Sourcemaps On Steroids
-Make recruiting referrals on behalf of employees ($3000)
-RCE in Avaya Aura Device Services
-Prototype Pollution in Python
-AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes
-Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO)
-10 CVEs! My Personal Thoughts On Research And CVEs
-Story about Escalation of HTML Injection to EC2 Instance credentials leak
-The Blind Exploits To Rule Watchguard Firewalls Vulnerabilities
-View orders and financial reports lists for any page shop ($500)
-Testing the Performance of User Authentication Flow
-Hunting for Prototype Pollution and its vulnerable code in JS libraries
-If It’s a Feature!!! Let’s Abuse It for $750
-Story of my first cash bounty on hackerone
-How I made it into the United Nations hall of fame as I slept
-Microsoft bug reports lead to ranking on Microsoft MSRC Quarterly Leaderboard (Q3 2022)
-Embedding Payloads and Bypassing Controls in Microsoft InfoPath
-SSH key injection in Google Cloud Compute Engine (Google VRP)
-Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804)
-HTTP Parameter Pollution - It’s Contaminated Again
-Critical Vulnerability in Microsoft Azure Cosmos DB
-Inglourious Drivers – A Journey of Finding Vulnerabilities in Drivers
-Unusual Cache Poisoning between Akamai and S3 buckets
-How I hacked one of the biggest airlines in the world
-Bug Bounty Short Tips as image
-How I found a bug in Apple within just 5 minutes
-Chaining vulnerabilities to criticality in Progress WhatsUp Gold
-Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories
-A Quick Guide to Hack private variables in Solidity
-Google SSO misconfiguration leading to Account Takeover
-How I found my first Chrome bug
-Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot
-Reverse Prompt Engineering for Fun and (no) Profit
-The second part of discovered vulnerabilities in pre-installed apps on Samsung devices
-Cloud Metadata - AWS IAM Credential Abuse
-$300 Google API key leaked to Public on Live Website
-Full account takeover vulnerability in Minecraft
-5 Ways to Exploit a Domain Takeover Vulnerability
-Expect The Unexpected: Discovering fresh ZeroDay for Bounty
-Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529)
-Securing Developer Tools: A New Supply Chain Attack on PHP
-CS:GO : From Zero to 0-day
-How I found a critical P1 bug in 5 minutes using a cellphone — Bug Bounty
-Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads
-SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
-How I was able to delete 13k+ Microsoft Translator projects
-Leaked H1 employees' email addresses and meeting info on a private bug bounty program
-Hacking the Apple Webcam (again)
-JavaScript bugs aplenty in Node.js ecosystem – found automatically
-Multiple vulnerability leading to account takeover in TikTok SMB subdomain.
-Story of my hacking Dutch Government
-GitLab triages bug bounty-reported flaws with latest release
-Bypassing CSP with dangling iframes
-He is already here: Privileges escalation due to invalidating current users
-Finding client-side prototype pollution with DOM Invader
-The MarkdownTime Vulnerability: How to Avoid This DoS Attack on Business Critical Services
-Multiple bugs chained to take over Facebook accounts that use Gmail.
-Earn $200K by fuzzing for a weekend: Part 1
-Earn $200K by fuzzing for a weekend: Part 2
-CVE-2022-26712: The POC for SIP-Bypass Is Even Tweetable
-A Big company Admin Panel takeover $4500
-OpenEMR - Remote Code Execution in your Healthcare System
-CVE-2022-1040 Sophos XG Firewall Authentication bypass
-You Have One New Appointment: Exploiting iCalendar Properties in Enterprise Applications
-Fuzzing for Bug Bounty Hunting
-Hacking the Blockchain: An Ultimate Guide
-Bounty Evaluation GitHub = $15,000 US Dollars
-Gitlab Project Import RCE Analysis (CVE-2022-2185)
-Joomla! CVE-2023-23752 to Code Execution
-A Konami Code for Vuln Chaining Combos
-2 click Remote Code execution in Evernote Android
-Spring cloud function SpEL RCE
-Remote Command Execution via Github import
-Cacti: Unauthenticated Remote Code Execution
-New Spring Framework RCE Vulnerability Confirmed - What to do?
-Spring Actuator Security, Part 1: Stealing Secrets Using Spring Actuators
-Spring Actuator Security, Part 2: Finding Actuators using Static Code Analysis with semgrep
-My First RCE from N/A to Triaged (CVE-2021-3064)
-Gitpod remote code execution 0-day vulnerability via WebSockets
-How I abused the file upload function to get a high severity vulnerability in Bug Bounty
-RCE via WebDav - Power Of PUT
-HTTP Desync Attack (Request Smuggling) - Mass Session Hijacking
-How I Found Multiple Bugs On Facebook In 1 Month And Part Of My Methodology & Tools
-Halborn Discovers Zero-Day Impacting Dogecoin and 280+ Networks
-Local priv-esc vulnerability in Zoom (for macOS)
-CVE-2022-41343 - RCE via Phar Deserialisation (Dompdf)
-Cookie Bugs - Smuggling & Injection
-RCE 0 day for GhostScript-9.50
-Low hanging fruits on Facebook Group Room
-Denial of Service via Hyperlinks in Posts
-Google Trust Services ACME API available to all users at no cost
-A fresh look at user enumeration in Microsoft Teams
-CookieMonsteRCE - XSS to RCE Exploitation in Zena 4.2.1
-How I got access to many PIIs through a source code leak
-F5 BIG-IP Critical Vulnerability Exploited By Attackers To Gain Unauthenticated RCE
-WEEKEND DESTROYER - RCE in Western Digital PR4100 NAS
-Persistent PHP payloads in PNGs: How to inject PHP code in an image and keep it there!
-How “Forgot Password” can cost you your account
-postMessage Braindump : a brief postMessage testing methodology
-Subdomain Enumeration Guide 2021
-Subdomain Takeover: How a Misconfigured DNS Record Could Lead to a Huge Supply Chain Attack
-Full account takeover through referral code
-Information Gathering & Scanning for Sensitive Information
-Attacking Pixel's Titan M with Only One Byte (CVE-2022-20233) and getting 75,000 USD bounty
-CI/CD SECRETS EXTRACTION, TIPS AND TRICKS
-SSD ADVISORY – KERIO MAILBOX TAKEOVER
-The easiest $2500 I got from a bug bounty program
-Disclose leads form details of any Facebook Business Account or Facebook Page
-Multiple Critical Vulnerabilities in Strapi Versions <=4.7.1
-EJS, Server side template injection RCE (CVE-2022-29078) - writeup
-Remote code execution in cdnjs of Cloudflare
-RCE via unsafe inline Kramdown options when rendering certain Wiki pages
-MyBB Remote Code Execution Chain
-Critical Gems Takeover Bug Reported in RubyGems Package Manager
-Hunting evasive vulnerabilities
-Ability To Delete User(s) Account Without User Interaction
-URLs in img tag aren’t safely embedded. ($500)
-How I Got $10,000 From GitHub For Bypassing Filtration of HTML tags
-Low privilege user can read POS PINs via GraphQL and elevate their privileges
-That single GraphQL issue that you keep missing
-CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)
-GraphQL automated security testing toolkit
-IDOR in GraphQL Query Leaking Private Photos of a Million $ App
-Hx01 Abusing Data Protection Laws For D0xing & Account Takeovers
-Access employees files in internal CDNs/ Access users modified/deleted content.($12500)
-Forced Browsing to Access Admin Panel
-I found IDOR Vulnerability at Microsoft Subdomain
-How I found an IDOR that led to sensitive information leak?
-Fuzzing + IDOR = Admin TakeOver
-Post Account Takeover? Account Takeover of Internal Tesla Accounts
-Account Takeover - Inside The Tenant
-Helping secure BNB Chain through responsible disclosure
-How I was able to take over accounts on websites that use GitHub as an SSO provider
-Account Takeover Worth of $2500
-Firing 8 Account Takeover Methods
-Traveling with OAuth - Account Takeover on Booking.com
-OTP Bypass Through Response Manipulation
-Unsubscribe any user’s e-mail notifications via IDOR
-IDOR leads to leak Private Details
-How I found my first bug (IDOR)
-23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite
-Hacking AI: System and Cloud Takeover via MLflow Exploit
-Announcing the deps.dev API: critical dependency data for secure supply chains
-IDOR to information disclosure + Admin Account Takeover
-$$$$ IDORs - How to find IDORs in e-commerce sites?
-ATO in Canvas Games due to weak cross window message Origin validations ($62,500)
-OTP Bypassing and Vulnerabilities from E-Mail fields.
-Detecting and mitigating CVE-2022-42889 a.k.a. Text4shell
-CVE-2019-6238: Apple XAR directory traversal vulnerability
-Unique Rate limit bypass worth 1800$
-$600 for IDOR (File or Folder Download)
-202 - A SNIProxy Bug and a Samsung NPU Double Free
-A Story of IDOR which leads to privacy violation…$$$
-IDOR leads to removing members from any Google Chat Space
-How I found my first IDOR in HackerOne
-$5000 Google IDOR Vulnerability Writeup
-Attacking Access Control Models In Modern Web Applications
-GitHub Security Lab audited DataHub: Here’s what they found
-Improper Access Control — My Third Finding on Hackerone!
-Cross site request forgery (CSRF) attack
-How I Got $1350 From an IDOR in Less Than 1 Hour
-How I earned $9000 with Privilege escalations
-IDOR in "external status check" API leaks data about any status check on the instance
-4300$ Instagram IDOR Bug (2022)
-How I was able to delete any users’ OAUTH connections via IDOR
-How I was able to take over any user's account on a major telecoms website
-Cobalt Pentest Case Study: OAuth Redirect to Account Takeover
-IDOR via GET Request which could sell all user products
-Shopify Account Takeover $22,500 Bug Bounty
-Weird Google bugs, SAML padding Oracle & Apache path traversal continued
-Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
-$5,000 YouTube IDOR - Bug Bounty Reports Explained
-Browser-Powered Desync Attacks -> A New Frontier in HTTP Request Smuggling
-Making HTTP header injection critical via response queue poisoning
-TCP/IP Vulnerability CVE-2022-34718 PoC Restoration and Analysis
-Host Header Injection Leads To Account Takeover
-Exploring the World of ESI Injection
-SQL injection vulnerabilities in Owncloud Android app - CVE-2023-24804, CVE-2023-23948
-Exploiting an N-day vBulletin PHP Object Injection Vulnerability
-Finding DOM Polyglot XSS in PayPal the Easy Way
-XSS with Markdown — Exploit & Fix on OpenSource
-postMessage XSS in Tesla Payment page
-XSS Through The Front-Door @ GitLab
-HTML parser bug triggers Chromium XSS security flaw
-SCRAPING LOGIN CREDENTIALS WITH XSS
-XSSI (Cross Site Script Inclusion) to Steal AccessToken and More
-A $$$ worth of cookies! | Reflected DOM-Based XSS | Bug Bounty POC
-Email platform Zimbra issues hotfix for XSS vulnerability under active exploitation
-CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building
-Exploiting DOM Based XSS via Misconfigured postMessage() Function
-Stored XSS To Other Users Via Messages
-How I found XSS on Admin Page without login!
-Cache Poisoning via SelfXSS + Path Parameter
-Subdomain Takeover in Azure: making a PoC
-Error based SQL Injection with WAF bypass manual Exploit 100%
-XSS via X-Forwarded-Host header
-Time-Based SQL Injection to Dumping the Database
-[1500$ Worth — Slack] vulnerability, bypass invite accept process
-The Tale of a Command Injection by Changing the Logo
-Reflected Cross Site Scripting (XSS) on one.newrelic.com
-Blind XSS in app.pullrequest.com/████████ via /reviews/ratings/{uuid}
-Hacking Swagger-UI - from XSS to account takeovers
-How I was able to steal users credentials via Swagger UI DOM-XSS
-I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS
-Stored XSS in markdown via the DesignReferenceFilter
-XSS through base64 encoded JSON
-XSS on account[dot]leagueoflegends[dot]com via easyXDM [2016]
-XSS vulnerability discovered in Android and iOS WordPress app plugin WPMobile.App (CVE-2023-22702)
-SSO Gadgets: Escalate (Self-)XSS to ATO
-Stumbling across a DOM XSS on google.com
-XSS Bug in SEOPress WordPress Plugin Allows Site Takeover
-Stored XSS to RCE Chain as SYSTEM in ManageEngine ServiceDesk Plus
-Command Injection in the GitHub Pages Build Pipeline
-Reflected XSS Leads to 3,000$ Bug Bounty Rewards from Microsoft Forms
-Attack surface of extension pages
-Stored XSS in Notes (with CSP bypass for gitlab.com)
-How I found an XSS vulnerability via using emojis
-Stored XSS in Google Doubleclick Studio
-Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397)
-Orange Arbitrary Command Execution
-How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty
-Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
-WordPress 5.8.2 Stored XSS Vulnerability
-CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO
-Stored XSS: Non-Privileged User to Anyone Using QR Code
-Javascript Hoisting in XSS Scenarios
-Stored XSS vulnerability in Microsoft booking
-Palisade identifies Wormable Cross-Site Scripting Vulnerability affecting Rarible’s NFT Marketplace
-Tableau Server Leaks Sensitive Information From Reflected XSS
-Unleashing the power of CSS injection: The access key to an internal API
-CVE-2021-26084,Atlassian Confluence OGNL
-Exploiting Redash instances with CVE-2021-41192
-5000$ for Apple Stored Xss And Another Blind Xss Still under review
-Web Cache Poisoning leads to Stored XSS
-DOM-XSS in Instant Games due to improper verifications ($62,500?)
-Stored XSS via Mermaid Prototype Pollution vulnerability
-UXSS to Account Takeover in Rushbet
-Got Another XSS using Double Encoding
-Google Roulette: Developer console trick can trigger XSS in Chromium browsers
-PostMessage Xss vulnerability on private program
-How I found DOM-Based XSS on Microsoft MSRC and How they fixed it
-DOM-XSS in Instant Games due to improper verification of supplied URLs
-Winning QR with DOM-Based XSS | Bug Bounty POC
-Easy SQLi in Amazon subsidiary using Sqlmap
-Fun SQL injection - mod_security bypass
-SQL Injection Bugs on All Verizon Media Assets
-Exploiting SQL Injection at Authorization token
-Stranger Strings: An exploitable flaw in SQLite
-A 500$ SQL Injection Bug in .IKEA.es — My First Finding on Hackerone!
-Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk
-Exploring Prompt Injection Attacks
-Puckungfu: A NETGEAR WAN Command Injection
-Hunting for Bugs in File Upload Feature
-How I made $15k from a Remote Code Execution Vulnerability
-HTTP request smuggling bug patched in mitmproxy
-Able to steal bearer token from deep link
-Backdooring Electron Applications
-Unsafe content loading [Electron JS]
-PHP FILTER CHAINS: FILE READ FROM ERROR-BASED ORACLE
-Escaping misconfigured VSCode extensions
-Trigger custom URL in Medium Android app
-Add new managed stores without permission
-Hacking Microservices For Fun and Bounty
-Cache Poisoning & Lateral Movement @ GitLab
-Attacking File Uploads in Modern Web Applications
-Full Account Takeover via Open Redirection
-Bypassing File Upload Restriction using Magic Bytes
-Design Flaw : A Tale of Permanent DOS (Informative -> Triaged)
-OAUTH Misconfiguration leads to Full Account Takeover
-Hijacking GitHub Repositories by Deleting and Restoring Them
-Exploiting CVE-2022-42703 - Bringing back the stack attack
-Two Factor Authentication Bypass On Facebook
-MeshyJSON: A TP-Link tdpServer JSON Stack Overflow
-Arbitrary File Corruption: End-to-End Encrypted Messaging Application
-Fuzzing Golang msgpack for fun and panic
-Hacking a Bank by Finding a 0day in DotCMS
-ParamSpider leads to finding an SQLi vulnerability
-Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS!
-Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable
-Practical Example Of Client Side Path Manipulation
-Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing
-Laravel 8.x image upload bypass
-How I Made $16,500 Hacking CDN Caching Servers — Part 1
-How I Made $16,500 Hacking CDN Caching Servers — Part 2
-How I Made $16,500 Hacking CDN Caching Servers — Part 3
-Bypassing default visibility for newly-added email in Facebook(Part I - Submitting I.D)
-Bypassing default visibility for newly-added email in Facebook(Part II - Trusted Contacts)
-Slack integration setup lacks CSRF protection
-My first report on HackerOne: A logic flaw in npm
-Multiple bugs lead to RCE on TikTok for Android
-Leaking Facebook user information to external websites ($2000)
-All about Password Reset vulnerabilities
-Nothing new under the Sun – Discovering and exploiting a CDE bug chain
-How I hacked thousands of subdomains
-Web-Cache Poisoning $$$? Worth it?
-How I Scored 1K Bounty Using Waybackurls
-System misconfiguration is the number one vulnerability, at least for Mastodon
-$10,000 bounty for exposed .git to RCE
-Exposing Secrets Via SDLC Tools: The SonarQube Case
-Account Takeover Due to Cognito Misconfiguration Earns Me €xxxx
-Converting string to enum at the cost of 50 GB: let's analyze the CVE-2020-36620 vulnerability
-Detecting web message misconfigurations for cross-domain credential theft
-XML Security in Java - Java XML security issues and how to address them
-The 100+ Million Person Data Disclosure
-The Untold SendBird Misconfigurations
-PRACTICAL CLIENT SIDE PATH TRAVERSAL ATTACKS
-Infosys leaked FullAdminAccess AWS keys on PyPi for over a year
-CSRF protection bypass in GitHub Enterprise management console
-TE.TE HTTP request smuggling obfuscating the TE header
-Fastly Subdomain Takeover $2000
-Stealing passwords from infosec Mastodon - without bypassing CSP
-UNSERIALIZABLE, BUT UNREACHABLE: REMOTE CODE EXECUTION ON VBULLETIN
-Common Nginx Misconfiguration leads to Path Traversal
-Gregor Samsa: Exploiting Java's XML Signature Verification
-How I got Apple Hall Of Fame !
-Prompt injection explained, with video, slides, and a transcript
-Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877
-Preventing compromised password reuse on HackerOne.com
-CVE-2022-21703: cross-origin request forgery against Grafana
-2 CSRF 1 IDOR on Google Marketing Platform
-PHP Development Server <= 7.4.21 - Remote Source Disclosure
-Lack of URL normalization renders Blocked-Previews feature ineffectual
-Bypass Premium Account Payment (GetPocket)
-Manipulating the WebSocket handshake to exploit vulnerabilities
-AWS Targeted by a Package Backfill Attack
-Detecting Server-Side Prototype Pollution
-CSRF on /api/graphql allows executing mutations through GET requests
-XXE in Public Transport Ticketing Mobile APP
-I found a Microsoft subdomain website's database list, database username and password
-Critical Local File Read in Electron Desktop App
-CVE-2022-46175: JSON5 Prototype Pollution Vulnerability
-Hijacking accounts with host manipulation using collaborator
-Server-side prototype pollution: Black-box detection without the DoS
-Demographic Misconfiguration on Facebook live
-Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails
-Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets
-How we spoofed ENS domains for $15k
-Basecamp disclosed on HackerOne: Insecure Bundler configuration
-Exploiting S3 bucket with path folder to Access PII info of A BANK
-Open Redirect to Account Takeover
-Enumerate internal cached URLs which lead to data exposure
-Open redirect in Instagram.com ($500)
-Open Redirect Vulnerability & Some Common Payloads
-Broken Link hijacking — What it is and how to get bounties with it!
-A unique method of subdomain enumeration
-Exploiting weak configurations in Google Cloud Identity Platform
-VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability
-WordPress XXE Vulnerability in Media Library – CVE-2021-29447
-Insecure Deserialization in JavaScript: GoogleCTF 2022 Web/HORKOS Writeup
-Veeam Backup and Replication CVE-2023-27532 Deep Dive
-CORS misconfig worth USD 200
-Blog posts atom feed of a store with password protection can be accessed by anyone
-Enzyme Finance Price Oracle Manipulation Bug Fix Postmortem
-Prototype Pollution Primer for Pentesters and Programmers
-A Long Story of XXE Vulnerability!!
-Pwn2Own Local Escalation of Privilege Category
-Overwolf 1-Click Remote Code Execution - CVE-2021-33501
-Bypassing Box’s Time-based One-Time Password MFA
-Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research
-Exploiting URL Parsing Confusion Vulnerabilities
-Link hijacking Binance’s shortlinks through AppsFlyer
-Vulnerability Analysis with Ghidra Scripting
-Subdomain Takeover Via Flywheel
-How I was able to Takeover Accounts on Foxit.com
-Hacking Apple: Two Successful Exploits and Positive Thoughts on their Bug Bounty Program
-The Complete Guide to Prototype Pollution Vulnerabilities
-2FA Bypass via Forced Browsing
-Duo Two-factor Authentication Bypass
-Account Takeovers — Believe the Unbelievable
-Account Takeover + A Bonus Vulnerability
-Cross-Site WebSocket Hijacking (CSWSH)
-Zabbix - A Case Study of Unsafe Session Storage
-Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7
-Writeup for an iOS 15 exploit that can achieve kernel
-WSO2 RCE (CVE-2022-29464) exploit and writeup
-Vulnerabilities in Tenda's W15Ev2 AC1200 Router
-Improper Authentication - any user can login as other user with otp/logout & otp/login
-A Summary of OAuth 2.0 Attack Methods
-Bypassed the subscription and got the certification
-Broken Authentication Login With Google
-Security researcher finds dangerous bug in Chromium, nabs $15,000 bounty
-OAUTH2 bearer not-checked for connection re-use
-2fa Bypass Using Response Manipulation
-OTP brute-force via rate limit bypass
-Account Takeover via SMS Authentication Flow
-Bypassing Login Page in 2 Mins
-Pre-Auth RCE in Moodle Part I - PHP Object Injection in Shibboleth Module
-Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth
-Web Cache Poisoning: A Tale of chaining unkeyed inputs
-EXPLOITING JSON WEB TOKEN [JWT]
-Security Advisory: Remote Command Execution in binwalk
-Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts
-Trick to bypass rate limit of password reset functionality
-Exploiting OAuth: Journey to Account Takeover
-A tale of 0-Click Account Takeover and 2FA Bypass
-Account Takeover using OAuth Misconfiguration | Badoo Bug Bounty $300
-Pwning a Server using Markdown
-How I found a bug in Apple within just in 5min
-Huawei Security Hypervisor Vulnerability
-A Brief Introduction to SAML Security Vector
-Hacking Google Drive Integrations
-Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit - CVE-2023-21608
-1-click RCE in Electron Applications
-Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
-A Confused Deputy Vulnerability in AWS AppSync
-Vulnerability in AWS AppSync allowed unauthorized access to cloud resources
-Melis Platform CMS patched for critical RCE flaw
-Harvesting Logs for Fun and Profit
-SSRF: Bypassing hostname restrictions with fuzzing
-Just Gopher It: Escalating a Blind SSRF to RCE for $15k
-Simple SSRF Allows Access To Internal Assets
-FogBugz import attachment full SSRF requiring vulnerability
-SSRF vulnerabilities and where to find them
-SSRF in ColdFusion/CFML Tags and Functions
-Stealing administrative JWT's through post auth SSRF (CVE-2021-22056)
-SSRF in PDF Renderer using SVG
-Turning bad SSRF to good SSRF: Websphere Portal
-SSRF for kube-apiserver cloudprovider scene
-Full read SSRF that can leak aws metadata and local file inclusion (www.evernote.com)
-SSRF in PDF export with PhantomJs
-Java RMI services often vulnerable to SSRF attacks – research
-WonderCMS 3.1.3 Vulnerable To Authenticated Server-Side Request Forgery – CVE-2020-35313
-SSRF Attack Examples and Mitigations
-Easy SSRF from Wayback Machine
-SSRF & LFI In Uploads Feature
-Cross Site Port Attack in Wild
-Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054)
-Securing PDF Generators Against SSRF Vulnerabilities
-WordPress Core - Unauthenticated Blind SSRF
-Bug Bounty { How I found an SSRF ( Reconnaissance ) }
-Cloud is more fun with an SSRF
-Server side prototype pollution, how to detect and exploit
-SSRF via DNS Rebinding (CVE-2022–4096)
-A Tale of Open Redirection to Stored XSS
-Story of a $1k bounty — SSRF to leaking access token and other sensitive information
-The story of 3 bugs that lead to Unauthorized RCE — Pascom Systems
-Bypassing Cloudflare WAF: XSS via SQL Injection
-CRLF to Account takeover (chaining bugs)
-Internet Bug Bounty: High severity vulnerability in Apache HTTP Server could lead to RCE
-SSRF vulnerabilities caused by SNI proxy misconfigurations
-Checkmk: Remote Code Execution by Chaining Multiple Bugs (3/3)
-Exploiting Static Site Generators: When Static Is Not Actually Static
-Remote Code Execution in Spotify’s Backstage via vm2 Sandbox Escape (CVSS Score of 9.8)
-CVE-2022–42710: A journey through XXE to Stored-XSS
-Abusing JSON-Based SQL to Bypass WAF
-SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction
-Research | Bypass CSRF Protection w/ XSS
-RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
-Prototype pollution project yields another Parse Server RCE
-Hijacking service workers via DOM Clobbering
-Pre-Auth RCE with CodeQL in Under 20 Minutes
-CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You
-NodeBB prototype pollution flaw could lead to account takeover
-NETGEAR NIGHTHAWK R7000P AWS_JSON UNAUTHENTICATED DOUBLE STACK OVERFLOW VULNERABILITY
-The Story of a RCE on a Java Web Application
-Bypassing required reviews using GitHub Actions
-Achieving Remote Code Execution via Unrestricted File Upload
-Admin account takeover via weird Password Reset Functionality
-Node.js was vulnerable to a novel HTTP request smuggling technique
-Chaining Path Traversal with SSRF to disclose internal git repo data in a Bank Asset
-Visual Studio Code Jupyter Notebook RCE
-Exploiting Arbitrary Object Instantiations in PHP without Custom Classes
-Browser Exploitation: Firefox OOB to RCE
-From XSS to RCE (dompdf 0day)
-Bypassing Firefox's HTML Sanitizer API
-Tagged User Could Delete Facebook Story
-Arbitrary file read via the bulk imports UploadsPipeline
-How I Was Able To TakeOver Any Account On One Of Europe's Largest Media Companies
-Fuzzing the web for mysterious bugs
-Facebook SMS Captcha Was Vulnerable to CSRF Attack
-Hacking TMNF: Part 1 - Fuzzing the game server
-Hacking TMNF: Part 2 - Exploiting a blind format string
-RCE on Starbucks Singapore and more for $5600
-Bug Bounty Recon: Vertical Correlation (and the secret to succeeding)
-Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution
-Sesh Gremlin attack, RCE via password field & Pwning XMLSec for info disclosure and bounties
-Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP Responses (CVE-2022-33942)
-RCE on CS:GO client using unsanitized entity ID in EntityMsg message
-Full Account takeover (ATO) — a tale of two bugs
-A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection
-Chaining a Blind SSRF bug to Get an RCE
-How I Escalated a Time-Based SQL Injection to RCE
-Exploiting Password Reset Poisoning for account takeover and max bounty!
-CVE-2021-26084 Remote Code Execution on Confluence Servers
-Chaining Open Redirect with XSS to Account Takeover
-FORD Session token URL lead to Reflected XSS
-Escalating SSRF to Accessing all user PII information by aws metadata
-An Out Of Scope domain Leads To a Critical Bug[$1500]
-GraphQL exploitation – All you need to know
-GraphQL Security Testing Without a Schema
-GraphQL Batching Attacks: Turbo Intruder
-IDOR in GraphQL Query Leaking Private Photos of a Million $ App
-Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs
-Getting started with Android Application Security
-Using an Android emulator for API hacking
-Android Penetration Testing Cheat Sheet
-Android Penetration Testing: Frida
-APKHunt - static code analysis tool for Android apps that is based on the OWASP MASVS framework
-Frida script to bypass common methods of SSL pinning on Android
-ByPass SSL Pinning with IP Forwarding | iptables
-It's all about Bypassing Android SSL Pinning and Intercepting Proxy Unaware applications.
-SameSite cookie bypass on Android by redirecting to intent-picker with PoC code ($5,000 bounty)
-Insecure deeplink leads to sensitive information disclosure
-How to Write Frida Hook For Android
-Reconator - Automated Recon for Pentesting & Bug Bounty
-Facebook Messenger for Android indirect thread deletion vulnerability
-Exploiting Request forgery on Mobile Applications
-Step-by-step guide to reverse an APK protected with DexGuard using Jadx
-Android security guides, roadmap, docs, courses, write-ups, and teryaagh
-TikTok for Android 1-Click RCE
-10 Vulnerable Android Applications for beginners to learn Android hacking
-Android security checklist: WebView
-Mobile MitM: Intercepting your Android App Traffic On the Go
-Mobile Bug Bounty Hunting? Enter BLE
-Set Up an Android Hacking Lab for $0
-MOBILE PENTESTING 101 – BYPASSING BIOMETRIC AUTHENTICATION
-Chaining bugs in Telegram for Android app to steal session-related files
-Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning)
-Android security checklist: theft of arbitrary files
-Basics on commands/tools/info on how to assess the security of mobile applications
-Discovering vendor-specific vulnerabilities in Android
-Accidental $70k Google Pixel Lock Screen Bypass
-Mobile App Scanner to Find Security Vulnerabilities
-Pixel 6 bootloader: Emulation, ROP (part 2)
-Pixel 6 Bootloader: Exploitation (part 3)
-Instagram vulnerability : Turn off all type of message requests using deeplink (Android)
-iOS Penetration Testing Cheat Sheet
-iOS Hacking - A Beginner's Guide to Hacking iOS Apps [2022 Edition]
-iOS jailbreak dev wins $2M bounty for finding critical Optimism bug
-Hacking the Apple Webcam (again)
-Exploring iOS Applications with Frida and Objection: Basic Commands for Pentesting
-How to Reverse Engineer and Patch an iOS Application for Beginners:
-Reverse Engineering the Apple MultiPeer Connectivity Framework
-CVE-2022-32929 - Bypass iOS backup's TCC protection
-Hyperpom: An Apple Silicon Fuzzer for 64-bit ARM Binaries
-Bypass Apple’s redirection process with the dot (“.”) character
-Burp Suite Extensions: Rarely Utilized but Quite Useful
-Burp Suite - solving E-mail and SMS TAN multi-factor authentication with Hackvertor custom tags
-Finding CSRF Vulnerabilities with BurpSuite
-HTTP Signatures: A Burp Suite Extension Implementing HTTP Signatures
-Browser powered scanning in Burp Suite
-Learn how to write a Burp Suite extension in Kotlin – Setting up
-Using Intruder to Brute Force Authorization Header
-CaA - BurpSuite Collector and Analyzer
-x8 Hidden parameters discovery suite
-Params — Discovering Hidden Treasure in WebApps
-Life’s a Peach (Fuzzer) How to Build and Use GitLab’s Open-Source Protocol Fuzzer
-Notes about attacking Jenkins servers
-A Case Study of API Vulnerabilities
-What is BOLA? 3-digit bounty from Topcoder ($$$)
-New Cosmos Blockchain API DoS
-Using an Undocumented Amplify API to Leak AWS Account IDs
-Trigger custom URL in Medium Android app
-How to Exploit Public Firebase Realtime Database using REST API
-Microsoft Dynamics Container Sandbox RCE via Unauthenticated Docker Remote API 20,000$ Bounty
-Compromising Plesk via its REST API
-Missing Bricks: Finding Security Holes in LEGO APIs
-Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library
-RCE on admin panel of web3 website
-ChainWalker is a smart contract scraper which uses RCP/IPC calls to extract the information
-Hunting For Mass Assignment Vulnerabilities Using GitHub CodeSearch and grep.app
-Velas Infinite Mint Vulnerability Writeup
-Xiongmai IoT Exploitation -Turning Google smart speakers into wiretaps for $100k
-BigQuery SQL Injection Cheat Sheet
-Galaxy Bug Bounty : Tips and Tutorials for Bug Bounty and also Penetration Tests
-Spring RCE vulnerability reproduction environment
-PoC - Spring Core RCE 0-day Vulnerability
-How I hacked my car (2021 Hyundai Ioniq SEL) : Part 1
-How I hacked my car (2021 Hyundai Ioniq SEL) : Part 2
-How I hacked my car (2021 Hyundai Ioniq SEL) : Part 3
-Reverse engineering an EV charger