An Authentication Bypass Vulnerabilities Methodologies

Overview: Authentication bypass vulnerabilities are common flaws in web applications today, but they are not always easy to find. With the continuous development of technology and the integration of various platforms, the use of traditional authentication methods is gradually declining. Newer authentication methods not only provide convenience for users but also raise security to a higher level. While…

XSS vulnerabilities discovered in ServiceNow – CVE-2022-38463

Hey everyone, this is a blog related to my recent CVE on ServiceNow. It was found while testing a bug bounty program that was using ServiceNow and their in-scope domain was ‘redacted.service-now.com’. I searched the ServiceNow exploits on Google and found that the domain was vulnerable to CVE-2019-20768 and CVE-2021-45901. I reported them and the reports…

Turning cookie-based XSS into account takeover

The cookie-based XSS: One evening I started hunting on the Terrahost Bug Bounty program. I was testing the terrahost.no main domain. There was a functionality where I could choose the service, then register an account and place an order. So I did that. I chose Virtual Hosting and put all the data – username, address,…