| 05-01-23 |
1 |
Solstice VM Walkthrough |
| 06-01-23 |
2 |
Command Injection-By-Harsh-Bothra |
| 07-01-23 |
3 |
PG-Play : ICMP BOX Walkthrough by S1Ren |
| 08-01-23 |
4 |
Aditya Shende Writeup |
| 09-01-23 |
5 |
Subdomain Takeover |
| 10-01-23 |
6 |
Beginners Guide to Container Security |
| 11-01-23 |
7 |
Json Web Tokens |
| 12-01-23 |
8 |
HTB-Seventeen |
| 13-01-23 |
9 |
All you need to know about JWT Pt. 2 |
| 14-01-23 |
10 |
The Ultimate Guide to SQL Injection |
| 15-01-23 |
11 |
Infosec Writeup |
| 16-01-23 |
12 |
huntr-dev-XSS-Writeup |
| 17-01-23 |
13 |
huntr-dev-File-Upload-Writeup |
| 18-01-23 |
14 |
huntr-dev-Path-Traversal-Writeup |
| 19-01-23 |
15 |
Uploading the Webshell using filename of Content-Disposition Header Story! |
| 20-01-23 |
16 |
XSS in Integration URL in linagora/twake |
| 21-01-23 |
17 |
Access Control Violation - Sensitive Data Exposure |
| 22-01-23 |
18 |
How A Simple IDOR Led Me To Delete Any Account |
| 23-01-23 |
19 |
- Vulnerable-Code-Snippet:1
- WebSockets Security Explained For Security Enthusiasts
|
| 24-01-23 |
20 |
- SecurityExplained S-13: Vulnerable Code Snippet - 2
- Exploiting Open Redirect – Whitelist Bypass Using Salesforce Environment
|
| 25-01-23 |
21 |
Weak password policy : Old password can be set as new password in ikus060/rdiffweb |
| 26-01-23 |
22 |
Bypassing application logic to set a blank password in ikus060/rdiffweb |
| 27-01-23 |
23 |
XSS in RSS Description Link in glpi-project/glpi |
| 28-01-23 |
24 |
- Weaponizing self-xss
- Discovered Reflected Cross-Site Scripting Vulnerable into Shaadi.com
|
| 29-01-23 |
25 |
Understanding Server Side Template Injection In Flask Apps |
| 30-01-23 |
26 |
Exploring SSTI In Flask/Jinja2 |
| 31-01-23 |
27 |
- Find and Exploit NoSQL Injection
- How to Directory Brute Force Properly
|
| 01-02-23 |
28 |
Cross-site Scripting (XSS) - Stored in projectsend/projectsend |
| 02-02-23 |
29 |
- parser bypass and make SSRF attack in ionicabizau/parse-url
- SSRF in feeds in glpi-project/glpi
- NahamCon2022EU: Till REcollapse: Fuzzing the Web for Mysterious Bugs by @0xacb
|
| 03-02-23 |
30 |
Ultimate Guide To SQL Injection – Part I |
| 04-02-23 |
31 |
What is DOM-based XSS (cross-site scripting)? |
| 05-02-23 |
32 |
Research How can Local File Inclusion lead to RCE |
| 06-02-23 |
33 |
- RCE in Wordnet Browser in nltk/nltk
- Bypass All Captchas in the application in thorsten/phpmyfaq
|
| 07-02-23 |
34 |
- What Should You Do After Recon?!
- Multiple Ways to Crack WordPress login
|
| 08-02-23 |
35 |
- HTTP Query String Injection in unjs/unstorage
- Open Redirect on "returnUrl=" parameter in btcpayserver/btcpayserver
|
| 09-02-23 |
36 |
- Subdomain Takeover: Proof Creation for Bug Bounties
- CTF LFI Challenge December
|
| 10-02-23 |
37 |
Hacking Web Cache - Deep Dive in Web Cache Poisoning Attacks |
| 11-02-23 |
38 |
- SecurityExplained S-15: Vulnerable Code Snippet - 3
- SecurityExplained S-16: Vulnerable Code Snippet - 4
- SecurityExplained S-17: Vulnerable Code Snippet - 5
|
| 12-02-23 |
39 |
- SecurityExplained S-18: Vulnerable Code Snippet - 6
- SecurityExplained S-19: Vulnerable Code Snippet - 7
- SecurityExplained S-20: Vulnerable Code Snippet - 8
|
| 13-02-23 |
40 |
2 FA Bypassing Methods & Techniques |
| 14-02-23 |
41 |
- SecurityExplained S-21: Vulnerable Code Snippet - 9
- SecurityExplained S-22: Vulnerable Code Snippet - 10
- SecurityExplained S-23: Vulnerable Code Snippet - 11
|
| 15-02-23 |
42 |
- SecurityExplained S-24: Vulnerable Code Snippet - 12
- SecurityExplained S-25: Vulnerable Code Snippet - 13
- SecurityExplained S-26: Vulnerable Code Snippet - 14
|
| 16-02-23 |
43 |
- SecurityExplained S-27: Vulnerable Code Snippet - 15
- SecurityExplained S-28: Vulnerable Code Snippet - 16
- SecurityExplained S-29: Vulnerable Code Snippet - 17
|
| 17-02-23 |
44 |
Spot The Vulnerability XSS Challenge Simplified |
| 18-02-23 |
45 |
Basics Of HTTP Request Smuggling |
| 19-02-23 |
46 |
HTTP REQUEST SMUGGLING PART-2 |
| 20-02-23 |
47 |
A GUIDE TO SERVER SIDE REQUEST FORGERY(SSRF) |
| 21-02-23 |
48 |
Deep Dive Into Android Security |
| 22-02-23 |
49 |
Getting Started Into Android Security Part 2 |
| 23-02-23 |
50 |
Oauth A Feature To Vulnerability |
| 24-02-23 |
51 |
Broken Access Control in francoisjacquet/rosariosis |
| 25-02-23 |
52 |
Limited LFI via Path Traversal in salesagility/suitecrm |
| 26-02-23 |
53 |
Prevent account takeover with proper cookie configuration |
| 27-02-23 |
54 |
Arbitrary txt files deletion (authenticated) in nilsteampassnet/teampass |
| 28-02-23 |
55 |
How I hacked into a company with 200,000+ users |
| 01-03-23 |
56 |
Networking Pivoting via SSH |
| 02-03-23 |
57 |
SecurityExplained S-30: Vulnerable Code Snippet - 18 |
| 03-03-23 |
58 |
Mobile Application Pentesting: Analyzing Common Vulnerabilities |
| 04-03-23 |
59 |
SQL Injection in 'core/ajax/ajax_data.php' in unilogies/bumsys |
| 05-03-23 |
60 |
A New Vector For “Dirty” Arbitrary File Write to RCE |
| 06-03-23 |
61 |
Cross-Site Request Forgery (CSRF) Explained |
| 07-03-23 |
62 |
- Stored DOM-based Cross-site Scripting in Tags Functionality in answerdev/answer
- SQL Injection in Custom Fields in phpipam/phpipam
|
| 08-03-23 |
63 |
XSS via Client Side Template Injection in btcpayserver/btcpayserver |
| 09-03-23 |
64 |
How to Write your First Nuclei Template ? |
| 10-03-23 |
65 |
Authentication Bypass for users with MD5 password hash in froxlor/froxlor |
| 11-03-23 |
66 |
RCE using bad deserialization in builderio/qwik |
| 12-03-23 |
67 |
IDOR to delete memo from archives in usememos/memos |
| 13-03-23 |
68 |
- CSRF leading to delete a domain in modoboa/modoboa
- CSRF leading to delete a user in modoboa/modoboa
|
| 14-03-23 |
69 |
Idor disclose other user's appointment in openemr/openemr |
| 15-03-23 |
70 |
Unauthenticated OS in stamparm/maltrail in stamparm/maltrail |
| 16-03-23 |
71 |
XSS in Document Types module in Settings in pimcore/pimcore |
| 17-03-23 |
72 |
IDOR in ilsteampassnet/teampass |
| 18-03-23 |
73 |
Phar Deserialization of Untrusted Data in knplabs/snappy |
| 19-03-23 |
74 |
Active Directory Series: Active Directory Fundamentals |
| 20-03-23 |
75 |
SVG Sanitization Bypass - XSS in imgproxy/imgproxy |
| 21-03-23 |
76 |
How I Found Business Logic Vulnerability in Google Pay |
| 22-03-23 |
77 |
SQLi in API authorization check in nilsteampassnet/teampass |
| 23-03-23 |
78 |
SECURING AD WHEN ANONYMOUS USERS MUST HAVE ACCESS |
| 24-03-23 |
79 |
Blind LFI in register-model/get?name= in mlflow/mlflow |
| 25-03-23 |
80 |
LFI/RFI in MLflow in mlflow/mlflow |
| 26-03-23 |
81 |
mitm6 – compromising IPv4 networks via IPv6 |
| 27-03-23 |
82 |
Unhandled SWF Tags in MP4Box: in GPAC in gpac/gpac |
| 28-03-23 |
83 |
how-to-shut-down-a-plant-remotely |
| 29-03-23 |
84 |
Autenticated Stored (XSS) in pluck-cms/pluck |
| 30-03-23 |
85 |
token forgery in deepset-ai/haystack |
| 31-03-23 |
86 |
XSS @ records in thorsten/phpmyfaq |
| 01-04-23 |
87 |
RCE by SSTI Injection in microweber/microweber |
| 02-04-23 |
88 |
Captcha Bypass in answerdev/answer |
| 03-04-23 |
89 |
SIGSEGV libr/bin/p/bin_ radareorg/radare2 |
| 04-04-23 |
90 |
SecurityBoat Dynamic Challenge SSRF Solution |
| 05-04-23 |
91 |
SQLi at /front/report.dynamic.php in glpi-project/glpi |
| 06-04-23 |
92 |
BAC in Vote/Friend Function in pbboard/pbboard-3.0.4 |
| 07-04-23 |
93 |
Guide to Parameter Enumeration |
| 08-04-23 |
94 |
IDOR-leads to account takeover in glpi-project/glpi |
| 09-04-23 |
95 |
Formula injection via Full Name in chatwoot/chatwoot |
| 10-04-23 |
96 |
CSRF & Bypasses |
| 11-04-23 |
97 |
Password reset link not expired in answerdev/answer |
| 12-04-23 |
98 |
Exploiting Server Side Request Forgery (SSRF) in an API |
| 13-04-23 |
99 |
Stored XSS in nilsteampassnet/teampass |
| 14-04-23 |
100 |
RCE-File Write in froxlor/froxlor |
| 15-04-23 |
101 |
Restriction-Excessive-Authentication |
| 16-04-23 |
102 |
password validation. in limesurvey/limesurvey |
| 17-04-23 |
103 |
HTTP Parameter Pollution (English) |
| 18-04-23 |
104 |
password validation.in limesurvey/limesurvey |
| 19-04-23 |
105 |
A detailed guide to OSINT |
| 20-26 |
106-112 |
SQL Injection leads to code execution in unilogies/bumsys |
| 27-04-23 |
113 |
Cross site scripting on the login page in pimcore/pimcore |
| 28-04-23 |
114 |
Path Traversal in code in unilogies/bumsys |
| 29-04-23 |
115 |
Weaponizing Reflected XSS to Account Takeover |
| 30-04-23 |
116 |
Reflected xss on login.php leads to account takeover |
| 01-05-23 |
117 |
EmailAddress Manipulation Vulnerability in thorsten/phpmyfaq |
| 02-05-23 |
118 |
Zero-Click Remote Code Execution in appium/appium-desktop |
| 03-05-23 |
119 |
Multiple SQL Injections in salesagility/suitecrm |
| 04-05-23 |
120 |
AWS_Cognito_Misconfigurations:The_Silent_Killer |
| 05-05-23 |
121 |
Broken Rate Limiting in azuracast/azuracast |
| 06-05-23 |
122 |
Stored XSS on items in Folder in nilsteampassnet/teampass |
| 07-05-23 |
123 |
How I found XSS via SSRF vulnerability -Adesh Kolte |
| 08-05-23 |
124 |
API6 - Mass Assignment-crAPI |
| 09-05-23 |
125 |
Solved-lab:Blind SQL Injection with Conditional Responses |
| 10-05-23 |
126 |
CSV-Injection-in-pimcore/customer-data-framework |
| 11-05-23 |
127 |
Escalating SSRF to RCE |
| 12-05-23 |
128 |
Lack of brute force protection in linagora/twake |
| 13-05-23 |
129 |
Chaining vulnerabilities leads to account takeover |
| 14-05-23 |
130 |
Solved:Stocker From HTB |
| 15-05-23 |
131 |
XSS leading to session hijacking in pandorafms/pandorafms |
| 16-05-23 |
132 |
XSS to RCE found in Trilium in zadam/trilium |
| 17-05-23 |
133 |
Possible URL spoofing on wildcard path in unjs/h3 |
| 18-05-23 |
134 |
Stored xss leads to doctor / admin account takeover |
| 19-05-23 |
135 |
Insecure Temporary File in huggingface/transformers |
| 20-05-23 |
136 |
Local File Read Bypass in mlflow/mlflow in mlflow/mlflow |
| 21-05-23 |
137 |
Bug Bounty Hunter Mindset - Yassine Aboukir |
| 22-05-23 |
138 |
Stored XSS and CSP Bypass in KiwiTCMS in kiwitcms/kiwi |
| 23-05-23 |
139 |
XML External Entity (XXE) injection in sympy in sympy/sympy |
| 24-05-23 |
140 |
Stored HTML injection in nilsteampassnet/teampass |
| 25-05-23 |
141 |
IDOR leading to Privilege Escalation! |
| 26-05-23 |
142 |
Building a Password Cracker in Rust |
| 27-05-23 |
143 |
HTTP Request Smuggling Basics |
| 28-05-23 |
144 |
Blind SQLi |
| 29-05-23 |
145 |
How a simple Directory Listing leads to PII Data Leakage,RCE |
| 30-05-23 |
146 |
Security source code review expert - Shubham Shah |
| 31-05-23 |
147 |
Stored XSS bypass in "FAQ" in thorsten/phpmyfaq |
| 01-06-23 |
148 |
5 Ways I Bypassed Your Web Application Firewall (WAF) |
| 02-06-23 |
149 |
XSS at User-Agent of Headers in mkucej/i-librarian-free |
| 03-06-23 |
150 |
Attacker can turn off 2FA of the Admin in tsolucio/corebos |
| 04-06-23 |
151 |
Bypass change password policy in tsolucio/corebos |
| 05-06-23 |
152 |
BAC On Item via ID in nilsteampassnet/teampass |
| 06-06-23 |
153 |
Stored XSS Via SVG Upload in kiwitcms/kiwi |
| 07-06-23 |
154 |
Chaining HTML injection to XSS lead to steal Cookie |
| 08-06-23 |
155 |
HTML INJECTION LEADS TO OPEN REDIRECT |
| 09-06-23 |
156 |
Web Services And Its Attack Types |
| 10-06-23 |
157 |
HTML Injection in Folder Name in nilsteampassnet/teampass |
| 11-06-23 |
158 |
File Path Traversal Vulnerability in froxlor/froxlor |
| 12-06-23 |
159 |
Session Fixation in froxlor/froxlor |
| 13-06-23 |
160 |
Bypassing Firewalls: Going Beyond Source Port Manipulation |
| 14-06-23 |
161 |
Userscan order Add-Ons Separately in fossbilling/fossbilling |
| 15-06-23 |
162 |
westillcanorderthe product even it is disabled in fossbilling/fossbilling |
| 16-06-23 |
163 |
SQLI in the "Users" function of Piwigo in piwigo/piwigo |
| 17-06-23 |
164 |
DOM XSS and openredirect in saleor/react-storefront |
| 18-06-23 |
165 |
IDOR in message deletion in admidio/admidio |
| 19-06-23 |
166 |
The user can delete himself in limesurvey/limesurvey |
| 20-06-23 |
167 |
Bypassing Okta SSO=> HTTPS/HTTP |
| 21-06-23 |
168 |
Formula Injection in CSV export feature in admidio/admidio |
| 22-06-23 |
169 |
Stored XSS in module named in salesagility/suitecrm-core |
| 23-06-23 |
170 |
Privilege Escalation Vulnerabilityin fossbilling/fossbilling |
| 24-06-23 |
171 |
Session Fixation Vulnerability in fossbilling/fossbilling |
| 25-06-23 |
172 |
SSTI leads to RCE in fossbilling/fossbilling |
| 26-06-23 |
173 |
Arbitrary Code Execution in Apache BRPC in apache/brpc |
| 27-06-23 |
174 |
CSRF Leading to reset Boxes in limesurvey/limesurvey |
| 28-06-23 |
175 |
URL Restriction Bypass in plantuml/plantuml |
| 29-06-23 |
176 |
Leak Secret tokens by changing baseURL nuxt-api-party |
| 30-06-23 |
177 |
wecan still send the photo asthe albums is locked in admidio |
| 01-07-23 |
178 |
RCE via File upload in fossbilling/fossbilling |
| 02-07-23 |
179 |
SQLI in searchArticles function in fossbilling/fossbilling |
| 03-07-23 |
180 |
CSV Injection while export users in fossbilling/fossbilling |
| 04-07-23 |
181 |
IncorrectAuthorizationleads-delete-userlimesurvey/limesurvey |
| 05-07-23 |
182 |
Stored XSS in kiwitcms/kiwi |
| 06-16 |
183-193 |
- SQL injection in some Admin Sort functions
- Cross site scripting in Admidio 4.2.9 via headline parameter
- Stored XSS on user "Category report" function
- Cross-Site Request Forgery lead to lock and unlock Album
- Stored XSS on user "Edit own profile" function
- Stored XSS on user "Write private message" function
- Vulnerable CKEditor used on version 4.2.9
- Broken Access Control on Private Message Function
- Exposure version installed on the system
- Mongoose Prototype Pollution Vulnerability in automattic/mongoose
- IDOR can make attackers add or close others' unavaiable in alextselegidis/easyappointments
|
| 17-07-23 |
194 |
BUG BOUNTY: ANDROID APPLICATION PENETRATION TESTING #1 2023 |
| 18-07-23 |
195 |
Potential-XSS injection in stuff and say attributes in i40west/obfumatic |
| 19-07-23 |
196 |
Common mistakes when using permissions in Android |
| 20-07-23 |
197 |
Exploiting memory corruption vulnerabilities on Android |
| 21-07-23 |
198 |
How i buy a subdomain of Tokopedia’s website |
| 22-07-23 |
199 |
SQL injection in Data Objects function in pimcore/pimcore |
| 23-07-23 |
200 |
Exploit Writing 101 - Beyond Just Reporting Bugs |
| 24-07-23 |
201 |
Confidentialinformation provided to user with no permissions in pimcore/pimcore |
| 25-07-23 |
202 |
Account Takeover via Email Confirmation |
| 26-07-23 |
203 |
BUG BOUNTY: DEEP RECON INTO THE WEB APPLICATION |
| 27-07-23 |
204 |
XSS on Microsoft.com via Angular Js template injection |
| 28-07-23 |
205 |
Netflix Party — XSS Vulnerabilities |
| 29-07-23 |
206 |
Always escalate! From Self-XSS to Persistent XSS on Login Portal |
| 30-07-23 |
207 |
XSS WAF & Character limitation bypass like a boss |
| 31-07-23 |
208 |
XSS on Sony subdomain |
| 01-08-23 |
209 |
Clickjacking DOM XSS on Google.org |
| 02-08-23 |
210 |
My first valid xss(@Hackerone) |
| 03-08-23 |
211 |
Instagram/Meta Clickjacking Leads to MakePrivateAccountPublic |
| 04-08-23 |
212 |
What I learned from reading 126* Information Disclosure Writeups |
| 05-08-23 |
213 |
How did I find information Disclosure on Facebook-Writeup |
| 06-08-23 |
214 |
Information Disclosure |
| 07-08-23 |
215 |
AEM misconfiguration leads to Information disclosure |
| 08-08-23 |
216 |
Misconfigured WordPress takeover to Remote Code Execution |
| 09-08-23 |
217 |
Chaining Self XSS with UI Redressing is Leading to Session Hijacking |
| 10-08-23 |
218 |
Response manipulation worth 2000$ |
| 11-08-23 |
219 |
5500$ Bug Story - Ezzy 2FA Bypass |
| 12-08-23 |
220 |
Random stuff by yappare |
| 13-08-23 |
221 |
From Revealing Emails to Taking Over Accounts (Hacking Telecom) |
| 14-08-23 |
222 |
CORS Misconfiguration on nordvpn.com leading to Private Information Disclosure,Account takeover |
| 15-08-23 |
223 |
Rate Limit Misconfiguration on tumblr login |
| 16-08-23 |
224 |
First Bug Bounty Program found CORS (Cross Origin Resource Sharing ) Misconfiguration |
| 17-08-23 |
225 |
Password Reset via OTP BYPASS — response manipulation |
| 18-08-23 |
226 |
How to Get Unique Subdomains on Large scope |
| 19-08-23 |
227 |
OTP bypass and Account takeover using response manipulation |
| 20-08-23 |
228 |
Pivoting Entire Network with Chisel |
| 21-08-23 |
229 |
Lateral movement between two domains without abusing Trust Relationships. |
| 22-08-23 |
230 |
Bypass Two-Factor Authentication of Facebook Accounts ($25,300) |
| 23-08-23 |
231 |
Windows Domains, Pivot & Profit |
| 24-08-23 |
232 |
ALL about OSCP Pivoting AD Lateral Movement, ligolo-ng, chisel, sshuttle |
| 25-08-23 |
233 |
Enumerating AD users with LDAP |
| 26-08-23 |
234 |
Cross-site Scripting (XSS) - Stored in hestiacp/hestiacp |
| 27-08-23 |
235 |
Open Directory |
| 28-08-23 |
236 |
Found SSRF and LFI in Just 10 minutes of using burp! |
| 29-08-23 |
237 |
Uncovering Vulnerabilities: Security Flaws Discovered on the Indian Prime Minister’s Website |
| 30-08-23 |
238 |
IDOR in Users Edit screen in omeka/omeka-s |
| 31-08-23 |
239 |
SSRF Blind in the image upload module via url in instantsoft/icms2 |
| 01-09-23 |
240 |
How I found a No Rate Limit bug |
| 02-09-23 |
241 |
There is no rate limit for SME REGISTRATION PORTAL |
| 03-09-23 |
242 |
Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos |
| 04-09-23 |
243 |
privilege escalation : Low access user can view Admin PRIVATE POST by using PIN functionality in usememos/memos |
| 05-09-23 |
244 |
https://github.com/ctflearner/Learn365/blob/main/Days/Day244.md |
| 06-09-23 |
245 |
XSS at file uploading in instantsoft/icms2 |
| 07-09-23 |
246 |
IDOR Vulnerability Allow Low-Level User change role Everyone Includes Admin in answerdev/answer |
| 08-09-23 |
247 |
Leaked Database and SMTP credentials through .env file |
| 09-09-23 |
248 |
How I got RXSS from Shodan |
| 10-09-23 |
249 |
How I placed into Apple Hall of Fame in 5 Minutes |
| 11-09-23 |
250 |
Improver Validation of File Name Causes RCE in tenpi/music-player |
| 12-09-23 |
251 |
SQL injection and Authentication bypass in mintplex-labs/anything-llm |
| 13-09-23 |
252 |
Account Takeover at https://trello.com |
| 14-09-23 |
253 |
SQL Injection Vulnerability in Content Page in instantsoft/icms2 |
| 15-09-23 |
254 |
HTML Injection in librenms/librenms |
| 16-09-23 |
255 |
Exploiting Broken Access Control Vulnerability |
| 17-09-23 |
256 |
22.6k+ GitHub Stars Note-Taking App Hit by Critical XSS Vulnerability |
| 18-09-23 |
257 |
XSS/CSRF in GetImage Endpoint in usememos/memos |
| 19-09-23 |
258 |
How I Got 4 SQLI Vulnerabilities At One Target Manually Using The Repeater Tab |
| 20-09-23 |
259 |
Multiple Self-XSS Vulnerabilites in hestiacp/hestiacp |
| 21-09-23 |
260 |
Application allows large characters to insert in the input field "Add new table"... in nocodb/nocodb |
| 22-09-23 |
261 |
XML injection vulnerability: Examples, cheatsheet and prevention |
| 23-09-23 |
262 |
How I Hacked the Exam Portals of 1000+ Indian Institutions Including LPU, IIT Bombay, IIT Kanpur, VIT, SRM, UPES, GITAM, GNA University, and More, Impacting Over 1 Million Students and 65,000+ Teachers. |
| 24-09-23 |
263 |
No rate limit lead to otp brute forcing |
| 25-09-23 |
264 |
Stored XSS via user's Username in limesurvey/limesurvey |
| 26-09-23 |
265 |
How I Mass hunt for Admin Panel Access… |
| 27-09-23 |
266 |
Stored XSS in description of theme in limesurvey/limesurvey |
| 28-09-23 |
267 |
Basics of API Security – Part 1 |
| 29-09-23 |
268 |
No rate limiting on creating access token in ikus060/rdiffweb |
| 30-09-23 |
269 |
Secret information exfiltration by hard coding twitter API keys in microweber/microweber |
| 01-10-23 |
270 |
Store DOM XSS in Edit configuration in thorsten/phpmyfaq |
| 02-10-23 |
271 |
Stored XSS at LOGO+USER menu in instantsoft/icms2 |
| 03-10-23 |
272 |
Insufficient access control in the export functionality for the 'Groups' module exposing user password hashes in salesagility/suitecrm |
| 04-10-23 |
273 |
Stored XSS in the Cases functionality in salesagility/suitecrm |
| 05-10-23 |
274 |
Open Redirect in mosparo/mosparo |
| 06-10-23 |
275 |
XSS Steal Cookies |
| 07-10-23 |
276 |
Stored Cross Site Scripting (XSS) in snipe/snipe-it |
| 08-10-23 |
277 |
RXSS in onpremises version of structurizr in structurizr/onpremises |
| 09-10-23 |
278 |
Account takeover via leaked session cookie |
| 10-10-23 |
279 |
Incorrect Authorization in User role in limesurvey/limesurvey |
| 11-10-23 |
280 |
CSRF in Send Reminder in snipe/snipe-it |
| 12-10-23 |
281 |
Account takeover due to misconfiguration |
| 13-10-23 |
282 |
HTML injection Leads to Open redirection in froxlor/froxlor |
| 14-10-23 |
283 |
HackTheBox Business CTF 2023 – Crypto |
| 15-10-23 |
284 |
No rate limit on sending magic link to sign-in in vriteio/vrite |
| 16-10-23 |
285 |
Time-Based Blind SQL injection leads to database extraction in librenms/librenms |
| 17-10-23 |
286 |
Don't Trust the Host Header for Sending Password Reset Emails |
| 18-10-23 |
287 |
CSRF in Payment Types in pkp/ojs |
| 19-10-23 |
288 |
Android Pentesting 101: A Novice’s Handbook to Getting Started |
| 20-10-23 |
289 |
leaked all users names from a user without known permissions in wagtail/wagtail |
| 21-10-23 |
290 |
DOM Cross Side Scripting in modoboa/modoboa |
| 22-10-23 |
291 |
How I saved 2.8 Million PII of Indian citizens from hackers. |
| 23-10-23 |
292 |
Cross-site Scripting (XSS) - Stored in janeczku/calibre-web |
| 24-10-23 |
293 |
Cross-site scripting (XSS) stored in href bypasses filter using data wrapper in janeczku/calibre-web |
| 25-10-23 |
294 |
Blind Sql Injection in https://█████/qsSearch.aspx |
| 26-10-23 |
295 |
An agent without permission has the ability to update, add, or delete FAQ items in osticket/osticket |
| 27-10-23 |
296 |
Time-base SQL Injection in Search Users |
| 28-10-23 |
297 |
Improper input validation leads to arbitrary file deletion in mintplex-labs/anything-llm |
| 29-10-23 |
298 |
Password Reset link hijacking via Host Header Poisoning in linkstackorg/linkstack |
| 30-10-23 |
299 |
IDOR - Users can change Administrator information (User ID = 1 ) in limesurvey/limesurvey |
| 31-10-23 |
300 |
Store DOM XSS in FAQ in thorsten/phpmyfaq |
| 01-11-23 |
301 |
Stored XSS in module named "New Submissions" in pkp/pkp-lib |
| 02-11-23 |
302 |
Improper Access Control That Leads to Privilege Escalation / Account Takeover in glpi-project/glpi |
| 03-11-23 |
303 |
Theft of Arbitrary Files from non-exported FileProvider via improper implementation of setResult in WelcomeScreen.kt in teamamaze/amazefileutilities |
| 04-11-23 |
304 |
$7000 Bounty on a Single Web Application |
| 05-11-23 |
305 |
CSRF Delete Navigation Menu Items in pkp/pkp-lib |
| 06-11-23 |
306 |
SAML 2.0: A Brief Conceptual Overview |
| 07-11-23 |
307 |
How I sent multiple payment requests on PhonePe, Paytm, and Google Pay |
| 08-11-23 |
308 |
user can still comment the unpublish blog in microweber/microweber |
| 09-11-23 |
309 |
User sends email to group member, while not having general user group permissions in limesurvey/limesurvey |
| 10-11-23 |
310 |
How I got Access to a Company’s Auth0 Management API !! |
| 11-11-23 |
311 |
CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman |
| 12-11-23 |
312 |
Disabled accounts still work normally in pkp/pkp-lib |
| 13-11-23 |
313 |
How to Upgrade Your XSS Bugs from Medium to Critical |
| 14-11-23 |
314 |
CVE-2023-27537: HSTS double-free |
| 15-11-23 |
315 |
First step of IOS Pentesting Approaching IOS application for Pentesting (Beginner Edition ) |
| 16-11-23 |
316 |
Reflected XSS via Upgrade Wizard in salesagility/suitecrm |
| 17-11-23 |
317 |
LFI in Ray API in ray-project/ray |
| 18-11-23 |
318 |
Relative path traversal in vertaai/modeldb |
| 19-11-23 |
319 |
Breaking Barriers: Unmasking the Easy Password Validation Bypass in Security Key Registration How a Dumb Frontend Led to 750 $ Bounty |
| 20-11-23 |
320 |
Unauthorized Access and Content Modification in h20-r S3 Bucket which is used in .sh and docker file leads to spread of malicious R package which can lead to remote code execution in h2oai/h2o-3 |
| 21-11-23 |
321 |
Bug Bounty Target Deep Dive |
| 22-11-23 |
322 |
Can use csrf to steal/modify block content, artifact content, variables possibly leading to RCE when the dashboard is running on a developers workstation in prefecthq/prefect |
| 23-11-23 |
323 |
Code injection in cpu_profile format parameter in ray-project/ray |
| 24-11-23 |
324 |
Pentesting Linux Thick Client Applications |
| 25-11-23 |
325 |
CVE-2023-23914: HSTS ignored on multiple requests |
| 26-11-23 |
326 |
Easy $500 Vulnerabilities! // How To Bug Bounty |
| 27-11-23 |
327 |
[Quora Android] Possible to steal arbitrary files from mobile device |
| 28-11-23 |
328 |
Passcode Protection in Android Devices Can be Bypassed. |
| 29-11-23 |
329 |
Reverse Engineering APK an Android app |
| 30-11-23 |
330 |
2 click Remote Code execution in Evernote Android |
| 01-12-23 |
331 |
Vulnerabilities in exported activity WebView |
| 02-12-23 |
332 |
Cross Site Scripting (XSS) in Layers of Image in viliusle/minipaint |
| 03-12-23 |
333 |
Android App Bug Bounty Secrets |
| 04-12-23 |
334 |
[Grab Android/iOS Insecure deeplink leads to sensitive information disclosure |
| 05-12-23 |
335 |
CVE-2020-8913 |
| 06-12-23 |
336 |
PDF Upload Leading to Stored XSS |
| 07-12-23 |
337 |
DoS via Password Strength Checker Function |
| 08-12-23 |
338 |
Identity Aware Proxy for Securing GCP Applications: Part-01 |
| 09-12-23 |
339 |
Javascript Analysis to SQL injection |
| 10-12-23 |
340 |
New payload to exploit Error-based SQL injection - Oracle database |
| 11-12-23 |
341 |
Initial access |
| 12-12-23 |
342 |
Leaking error content at upload file in microweber/microweber |
| 13-12-23 |
343 |
631-burpsuite-101-going-deep-into-intruder |
| 14-12-23 |
344 |
Understanding Directory Traversal Vulnerabilities |
| 15-12-23 |
345 |
unveiling-mobile-app-security-a-comprehensive-guide |
| 16-12-23 |
346 |
how-i-found-130-sub-domain-takeover-vulnerabilities-using-nuclei |
| 17-12-23 |
347 |
Updated Beginners Guide to API Bug Bounty |
| 18-12-23 |
348 |
Recon in Cybersecurity #11 - The Never Ending JS Files |
| 19-12-23 |
349 |
Recon in Cybersecurity #12 - Digging into The Past with WaybackMachine |
| 20-12-23 |
350 |
PostgreSQL SELECT only RCE |
| 21-12-23 |
351 |
how-can-i-account-take-over-any-account |
| 22-12-23 |
352 |
understanding-edr-vs-xdr-differences-and-the-future-outlook |
| 23-12-23 |
353 |
Hacking with The Internet Time Machine |
| 24-12-23 |
354 |
The ART of Chaining Vulnerabilities |
| 25-12-23 |
355 |
How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomain |
| 26-12-23 |
356 |
From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control and IDOR |
| 27-12-23 |
357 |
How to Bypass Device Verification for Email & Login Forms? — no cookies required! |
| 28-12-23 |
358 |
Recon in Cybersecurity #13 - A Primer on Reporting - Don't Sabotage Yourself |
| 29-12-23 |
359 |
Store XSS in Notifications Menu in instantsoft/icms2 |
| 30-12-23 |
360 |
AWS S3 Enumeration Basics |
| 31-12-23 |
361 |
DoS via abusing the Upload Function |
| 01-01-24 |
362 |
Possible XSS vulnerability without a content security bypass |
| 02-01-24 |
363 |
How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports |
| 03-01-24 |
364 |
Path traversal to RCE in Android — Mobile Hacking Lab ‘Document Viewer’ write-up |
| 04-01-24 |
365 |
CSP Bypass ”script-src” – Detailed Writeup |