Mostly, penetration testing can use the extensions for the purpose to locate the broken links and inform the client, and these extensions also help to determine whether a target website contains vulnerabilities that can lead to adversarial exploitations and sensitive information theft. Here are the different chrome extensions that are used by penetration testing…. Wappalyzer…
Hi guys ,This is Neil Harvey Miñano a Newbie security researcher from Philippine.This is my 1st write-up and also I am not good at XSS so forgive all mistakes.It was 04/20/2021 and my 1st day of bug hunting.I’m still newbie!Today I am gonna to Share a Reflected Xss vulnerability what was reported by me to…
Improper Access Control to Remote Code Execution (CVE-2020-8591)
In this post. I will explain how I hacked a whole system by exploiting improper access control vulnerability in the popular java-based MaaS software “eG Manager” and how I can escalated it to execute code remotely.
The Improper Access Control weakness describes a case where software fails to restrict access to an object properly. A malicious user can compromise security of the software and perform certain unauthorized actions by gaining elevated privileges, reading otherwise restricted information, executing commands, bypassing implemented security mechanisms, etc.
Speaking with the team at Open Bug Bounty was the highlight of her day for Aviva Zacks of Safety Detectives. She learned that their community-driven spirit is exactly what advantageously differentiates their project from the others out there.
Level #1: Hello, world of XSS
hint: inspect the source code of the page
Level #2: Persistence is key
<img src=x onerror=alert('XSS')>
hint: “welcome” post contains HTML
Level #3: That sinking feeling…
Level #4: Context matters
Level #5: Breaking protocol
Level #6: Follow the X
Hi, So today ill tell some techniques of testing XSS, First of all these important things you should note: Copy pasting XSS payloads doesn’t work PoC or GTFO Its said like report checkers need a proper PoC for validation of the report, If doesn’t, Your report cannot be triaged. So first, For testing XSS you…
Many educational websites are using Moodle which is vulnerable to RXSS and according to shodan more than 50K websites are using this technology. Moodle is a learning platform designed to provide educators, administrators, and learners with a single robust, secure and integrated system to create personalized learning environments. This was founded by @PewGrand
Well said by somebody… Everything in the world has flaws in it, If you can dream it be courageous to achieve it With that said lets get started with this blog post. Hey folks, In this blog you will learn how to hunt for subdomain takeover vulnerability. So first of all what is subdomain takeover…
Hey Folks,You probably noticed many small improvements of OBB made in April. We have also improved our website owner notification system to maximize rapidity, reliability and clarity of notifications.Some of you currently don’t have emails in your researcher profiles: this creates hurdles for website owners to reach out to you. Eventually, this slows down your…